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Key Features of ARCserve 6.5i for Windows NT and ARCselve Options: 

> Remote Installation, Parallel Push Install. 

> Device Management Wizards and 2D/3D Framework Visualisation. 

> End-to-end Data Encryption. 

> Installation Wizards. ' i ' 

> Intelligent Data Compression. , 

> Centralised Databases and Administration. 

> Enhanced Alert Targets. 

> Remote Disaster Recovery. . 1 

> Data Migration. j ( \ 
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Introducing the first database as universal as the Worldwide Web it serves. 



Is your database missing something? If it can’t handle multimedia 

as well as conventional data, you should be looking at the new DB2" Universal Database. If it 
can’t scale to serve a world of Web users, you could be missing some customers. And if it doesn’t 
run natively on platforms as diverse as Windows NT,™ Sun Solaris, AIX 1 and OS/2," you’re missing 
some major efficiencies. Not to worry. We’ve put absolutely everything you need to develop 
Java™-based Web apps into one package. And an eye-opening demonstration CD, including trial 
code, is absolutely free. Visit YY V\\».s o rhvare .il> m.ooin/dl>2 mii\ or call IBM Direct on 132 426 and 
ask for DB2NT/Info, and see what you’ve been missing. 


Solutions for a small planet™ = == r=r= 


ier countries. Microsoft and Windows N1 


; for a small planet are trademarks of International Business Machines Corporation in the United 
)soft Corporation. Java is a trademark of Sun Microsystems, Inc. Other company, product and 
others. ©1997 IBM Australia Corp. ACN 000 024 733. 0gilvySFT92 












Ralph Nader doesn't speak for me 


Last month in the US Ralph Nader, best known for 

his outspoken views and campaigns against large multi¬ 
nationals, mounted a campaign to examine the so-called 
business practices of Microsoft. As well, the US justice 
department mounted a case to investigate monopolistic 
practices by Microsoft in the bundling of Internet 
Explorer 4.0. Now, we all know that Microsoft can be at 
times a pain in the arse company and above all its own 
worst enemy but, without Microsoft and the vision of 
Bill Gates, the IT industry would not be where it is 
today. Lets face it, it is no crime for a company to be 
successful. The antitrust laws are designed to comple¬ 
ment, not displace, market forces. The laws do not pre¬ 
vent market winners from enjoying the fruits of their 
success or protect losers from the consequences of their 
failure. 

What the antitrust laws do condemn is anti¬ 
competitive conduct — truly exclusionary or predatory 
acts — by firms that have “monopoly power” - the power 
to raise prices or exclude competitors from the market. 
Microsoft’s critics have never established that Microsoft 
and its conduct satisfy either element of the law. 

In most discussions of Microsoft, it is just assumed 
that the company has monopoly power. However, no 
court has ever reached that conclusion. Even though 
more than 80 per cent of the personal computers in the 
world use Microsoft’s operating system, it is far from 
, clear that an antitrust court could 
« be persuaded that personal com¬ 
puter operating systems consti¬ 
tute a separate market. After 
J all, Microsoft’s critics claim 
that browsers in the near 
future will (or perhaps already do) 
compete with operating systems. 

Even assuming for the sake of argument that 
Microsoft does have monopoly power, the question still 
is whether truly anti-competitive behaviour accounts for 
its success. We don’t need to speculate about the answer, 
because government 
k antitrust enforcers 
) have spent the 
better part of 
seven years putting 




Microsoft’s competitive behaviour under a microscope. 

Over the last seven years the Federal Trade 
Commission set out to determine whether Microsoft 
had monopolised personal computer operating systems. 
After one of the most extensive antitrust investigations 
in history, the US government found only a single, 
rather picayune practice — the so-called “per processor” 
license — worthy of challenge. According to the US gov¬ 
ernment itself, that practice did not account for 
Microsoft’s competitive success. As a result, they agreed 
to a consent decree ending the practice. For Microsoft, 
acceding to the consent decree was just the beginning. 
Bill Gates couldn’t blow his nose without starting a new 
investigation. The US Justice Department stopped 
Microsoft from acquiring Intuit, the maker of Quicken 
personal-finance software. It threatened to block 
Microsoft’s introduction of Windows 95 because 
Microsoft included the MSN icon on the desktop. 

Now comes the charge that Microsoft has violated 
the consent decree by including its Internet browsing 
software, Internet Explorer, with Windows 95. 
Microsoft points to a provision in the decree that was 
negotiated by Microsoft for the specific purpose of 
allowing the company to include IE with Windows. 

It is telling that the government chose not to attack 
the. “bundling” of IE with Windows as an actual 
antitrust violation - merely as a violation of the consent 
decree. Whatever the technical merits of the govern¬ 
ment’s interpretation of the decree, you have to wonder 
what important public interest will be served if the gov¬ 
ernment’s case succeeds. Microsoft makes the IE brows¬ 
er available at no charge to consumers who buy new 
personal computers with Windows 95 installed. And 
more convenient, seamless access to the Internet from 
the desktop will help people to use the Internet. It is 
hard to see any anti-competitive danger that justifies 
denying people these benefits. 

At a recent anti Microsoft Rally in the US chaired 
and run by Ralph Nader, speakers stepping up to the 
platform included Sun CEO Scott McNealy and 
Roberta Katz, general counsel for Netscape 
Communications. Let’s face it, these guys lack total 
credibility as all they want to do is bash Bill until he 
hurts so that they can take his place. 
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Quota Server: Windows NT Disk Quota Management 

When you move NT into production, you’ll see that NT lacks the essential ability to set disk quotas. Users would 
simply take up as much disk space as they like, and there was nothing you could do about it until now. 
Quota Server from Argent solves this problem. 

+ Quota Server Manages the Explosive Growth of Disk Space on Your Network 

With the ever increasing connection to networks, users can now fill up a disk faster than ever. Without 
Quota Server you face a constant, ongoing and expensive battle. With Quota Server, the environment is 
managed for you - automatically. Set the quotas once, and Quota Server does the rest. A one-time 
investment in Quota Server removes your main NT problem once and for all. 

Buying More, More, and yet More Disks—the Gasoline-on-the-Fire Approach 

This approach makes some sense - a gigabyte is now under $300. But the weakness of this approach is that 
it just makes the problem worse - users are not discouraged from keeping old, useless files on-line. The 
real solution is Quota Server. 

Customize Reports, Monitor Multiple Servers Concurrently, Handle Huge Quotas 

Quota Server generates customizable reports. In an instant you will know who takes up what space, how 
much space is still available, etc. Quota Server can also monitor a large number of servers from the same 
window. With Quota Server, you can enforce quotas up to 2 terabytes in size. 

+ Quota Server is Flexible and Easy to Use — All Sites Need Quota Server 

Quota Server allows you to set multiple levels of alerts, warnings, actions and pop-ups, as well as integrates 
with all common E-mail systems. Notifications can be sent to several persons at the same time. Quota 
Server is fully integrated into the NT File Manager and the new Explorer Shell in Windows NT 4.0, so that it 
is extremely easy to use. Quota Server is lab-tested ,. market-proven software. 


ARGENT SOFTWARE 001 - 860 - 489-5553 

Mainframe-Power Products for Windows NT www.argent-nt.com 
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Is E commerce the next killer app? 


Kaufman 



As with the movie and music industries, the 

computer industry is always looking for the next big 
thing. Ever since Lotus 123 brought spreadsheets to busi¬ 
nesses and the Internet brought computers into the 
household vocabulary, people have realised that there’s 
money to be had in the next killer app. According to 
IBM, it will be in the guise of electronic commerce. 

Speaking at a recent IBM conference, the consultant 
Kenichi Ohmae proclaimed that by the year 2001, one 
third of all consumer spending will be on the Internet, 
whether it be from housing and financing to buying books 
and CDs. In total, that adds up to an estimated SUS1200 
billion dollars, which by any definition of the word is big 
bikkies indeed. Not surprisingly, the catch cry from IBM 
was that if you don’t want to be left behind, you too have 
to jump on the bandwagon - preferably with its software. 

Yet some large questions remain before you do so, for 
electronic commerce is not as easy to implement as a 
spreadsheet or word processor. Primary amongst them is 
the question of whether there’ll ever be a stan¬ 
dard, for the success of international com¬ 
merce relies upon them. 

In much the same way that all trade 
conducted in Australia is through a sin¬ 
gle denomination - namely the 
Australian dollar — so Internet 
commerce should ideally have a 
single currency.Yet no such currency 
has come about yet. While credit card 
companies such as Visa have been 
working on electronic commerce stan¬ 
dards and other companies such as 
Sausage Software have their proprietary 
solutions in place, there’s no such 
3 ~3~S5 jjjgjQ thing as the “Internet dollar” yet. 

* a * i » ~im & As such, if I want to make sure 


that I can buy products off the 
web, from workstations to a new book, I have to have 
multiple accounts — which takes away from the alleged 
ease that electronic commerce promises. 

According to Mark Elliot, IBM’s international general 
manager for software sales and marketing, this situation 
will remain until past the year 2000. “Until then you’ll be 


using your credit card, which will work fine for now,” he 
said. Yet not everyone has a credit card, nor does everyone 
want to use them for daily transactions. Furthermore, 
many people are still scared to use their credit cards over 
the Internet, even though the logic behind this is admit¬ 
tedly flawed. 

Smart cards face a similar problem, for while there are 
several of them being tested in the marketplace, none of 
them are compatible. However, this may change soon 
with Mondex announcing that the four major Australian 
banks - namely Westpac, National, ANZ and the 
Commonwealth — will start replacing credit cards with 
Mondex ones, which can be used for banking, shopping 
and even on vending manchines. Then again, if you pre¬ 
scribe to the Big Brother theory that an all-in-one card 
could impact on your privacy, then this may not be such 
a good thing. 

The other big question facing electronic commerce - 
and yourself if you want to implement it - is who will 
dominate the encryption business? For in the same month 
that Microsoft was fined 1 million dollars a day for 
bundling its Internet Explorer with Windows 95, it also 
announced that it would integrate its 128-bit encryption 
technology for online banking in future Windows prod¬ 
ucts (see our news story in the November issue) - which 
would seriously threaten companies such as IBM. 

William Reedy, IBM’s vice president of marketing for 
transaction systems, didn’t believe that Microsoft would 
go through with this, stating that it was against Microsoft’s 
best interests to strangle Windows NT’s software base by 
killing off competition. Yet as the Internet Explorer fiasco 
showed, Microsoft seems to have little compunction 
about doing just this. 

But be that as it may, it’s safe to predict that IBM is 
right in saying that electronic commerce will become a 
large application for the Internet. In much the same way 
that William Gibson envisioned cyberspace in his novel 
Neuromancer, the Internet will inevitably become a mas¬ 
sive sprawl where everything from trading on the stock- 
market to paying your bills will become possible. And 
with both the Internet and Windows NT gravitating 
toward transaction processing, it’s inevitable that the two 
will merge. O 
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EXPERIENCE THE ULTIMATE IN POWER, PERFORMANCE AND CONTROL. (Radio not includet 

Imagine your whole company as responsive as a high-performance automobile. That's the advantage of Tivoli enterprise systems management software. Tivoli gives you 
power to manage all your systems, networks and applications from a central point. So you can roll out new applications, configure desktops and maintain IT resources - 
through one truly open, highly scalable technology that works with the products of over 350 hardware and software vendors. Which gives you more "best of class" choii 
now, and down the road. Think about it. Technology choices from 350 vendors. Control by Tivoli. Worldwide support from IBM. Working together to give you the power 
manage anything. Anywhere. For more information call IBM on 132 426 or In New Zealand on 0800 426 132 and ask forTIVOLI/INFO or visit our website at www.tivoli.c 
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Small Business Server 

Brings Big Opportunities 


Microsoft has just introduced BackOffice Small 

Business Server (SBS). Aimed at small businesses, this 
product offers big opportunities for Internet Service 
Providers (ISPs), independent software vendors (ISVs), 
Value Added Providers (VAPs) and Microsoft Authorised 
Technical Education Centres (ATECs). 

What Is SBS? 

SBS consists of Windows NT Server 4.0 with Service 
Pack 3 (SP3) and selected BackOffice components scaled 
down to meet the needs of small businesses. SBS includes 
Internet Information Server (IIS) 3.0, Proxy Server 1.0, 
FrontPage98, SQL Server 6.5 (with SP3), Exchange 
Server 5.0 (with SP1), Outlook97, a fax server and 
modem pooling capability. By limiting the size of the 
BackOffice applications, Microsoft succeeded in tuning 
these components to fit the SBS audience’s needs. For 
example, the SBS version of Exchange requires only 7MB 
of RAM instead of the standard 32MB configuration. 
Tuning the applications to the audience is a unique ben¬ 
efit that’s not ordinarily feasible, because vendors usually 
can’t pinpoint the intended audience. 

SBS runs on one Pentium-class server with 64MB of 
BAM, 4GB of hard disk, and an adaptive modem. You get 
a 25-computer license for all the software and can handle 
up tolOO users. 

Installation and configuration require one CD-ROM 
and take about an hour. SBS makes most configuration 
decisions for you. For example, SBS’s Internet connection 
wizard lets you select from a list of ISPs. Then the wizard 
asks for a domain name and a credit card, dials the ISP, and 
configures your domain and network. All your users can 
now access the Internet. In addition, SBS automatically 
configures the Exchange Internet connector to dial the 
ISP once per hour and handle incoming and outgoing 
email. If you’re an ISP, many potential SBS customers will 
be able to use your services. 

The ISV Opportunity 

Although SBS includes SQL Server, no part of SBS 
requires SQL Server. So why did Microsoft throw in SQL 
Server? First, including SQL Server will substantially 
increase SQL Server’s market share, which increases the 


market for third-party SQL-based applications. In addi¬ 
tion, making SQL Server part of SBS will block 
Microsoft’s database competitors from penetrating the 
small business market. Few vendors can afford to give away 
a 25-user client/server database. 

With SQL, IIS, and Exchange on the SBS platform, 
ISVs that want to reach the small- to mid-sized business 
now have a known platform to integrate their solutions 
with. By creating SBS versions of their applications, they 
can offer small businesses database, Web, and messaging 
capabilities. If an application is built on SBS, software ven¬ 
dors no longer need to add the cost of SQL and Exchange 
to their solution’s cost. 

The VAP Opportunity 

To install, configure and support SBS to small business 
customers, Microsoft has created a new group of partners, 
called VAPs, which are consultants specialising in 
Microsoft technology. SBS provides a huge opportunity 
for VAPs to get their foot in the door with prospective 
small business customers who don’t have Internet con¬ 
nectivity or email. Before SBS, BackOffice required too 
much configuration or support to make it feasible for 
small businesses. With SBS,VAPs can offer small business¬ 
es the same functionality that was previously available to 
only mid- and large-sized companies. 

The ATEC Opportunity 

To help small business people get started with SBS, 
Microsoft ATECs are offering a one-day introductory 
course. It represents a great opportunity for ATECs 
because once SBS customers get a quick, inexpensive taste 
of components such as Exchange and SQL Server, their 
appetites will be whetted for more. Small business repre¬ 
sents a large new group of potential training customers. 

It's a Fit 

SBS fits perfectly with Microsoft’s successful business 
model of low-price, high-volume software. Small busi¬ 
nesses can benefit from the same level of technology that 
mid- and large-sized companies enjoy today. At $2,199 for 
SBS running 5 clients on a $3000 server, the opportuni¬ 
ties are big for small business. 
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Compaq goes 64-bit Merced - 
and that’s official 

Compaq CEO Eckhard Pfeiffer has told 
Windows NT Magazine at Comdex 97 that his 
company is committed to the Merced 64-bit 
chip technology. He said "Compaq is committed 
to industry standards and we will be supporting 
Merced. We are the company that can make 
Merced successful." He added "I don't know 
why Intel invested in Alpha-1 have not worked 
that one out. They have a lot of work to do 
unraveling what to with it." 

Digital and Intel settle 

Digital Equipment and Intel have settled their 
lawsuit by agreeing to establish a broad busi¬ 
ness relationship (see related news story in last 
month's News section). In the agreement, Intel 
will buy Digital's semiconductor manufacturing 
operations for about $700 million. The deal also 
includes a 10-year cross-licensing of patents 
and a firm commitment from Digital to develop 
NT offerings on both Intel and Alpha platforms. 
As part of the agreement, the two companies 
also agreed that: 

• Intel will purchase Digital's semiconductor 
operations in Massachusetts, Texas, and 
Jerusalem. 

• Digital will maintain Alpha-related semicon¬ 
ductor design teams to continue development 
of the Alpha. 

• Intel will provide Digital with Intel products 
and tech support. 

• Digital will develop a full line of Intel-based 
products. 

• Digital will port Digital's UNIX to Intel's IA-64 
architecture. 


BackOffice junior arrives for the SOHO market 


M icrosoft is set to shake-up competition in the Small Office Home Office (SOHO) 
market with its recent release of its BackOffice Small Business Server (SBS), 
described by the company as "a junior version of BackOffice". According to 
Microsoft, SBS is not just a bundling of popular Microsoft products but has been tailored 
specifically for this market. Jane Huxley, Microsoft's marketing manager, said: "it is 
a one-off to create a category of small business". 

SBS is designed for small businesses on a single site and is not a solution for 
business branches or departments. The product is limited to a maximum of 25 worksta¬ 
tions. According to the company, the reason for this limit is to stop larger companies 
from taking advantage of the low price point for these Microsoft applications. 

The product operates on a 32-bit platform and is based on the Windows NT Server. 
SBS enables Internet connection by providing modem pooling and an integrated fax 
server, which will only be available in this version of Windows NT and not in any other 
release. Microsoft is also incorporating an Internet Referral System to assist in Internet 
connection. The company stresses that they are not just working with ISP partners and 
that any ISP can produce a sign up referral disk, with information available on its Web 
site. This is designed to provide a solution of users not contained within urban ISP 
regions and allow regional ISP's to access this market. 

Server applications are "absolutely the full versions" and included in this package 
SQL Server with Service Pack 3, that will automatically load onto the server, Exchange 
Server and Outlook, Proxy Server, Internet Information Server and FrontPage 98, Access 
and Office 97. "It will contain functionality you won't see in BackOffice or NT," said 
Huxley. Microsoft claims that installation takes just under one hour, with a help wizard 
"written in easy language" to walk you through the process. 

Huxley emphasised that "NT 5.0 is still a way away", and that an upgrade from SBS 
Version 4 to Version 5 would be a full upgrade and not 
one of single components. "You can have a complete 
id to end solution for under $10,000," she said. 
Pricing for SBS starts at $2199 for five users and 
1 $3629 for 25 users. Additional AddPacks of 5 SBS 
| client licences for the five-user version are priced at 
$469. A version of SBS to be bundled with Office 97 
Professional will be available early next year. For 
further information contact Microsoft on 02 9870 
2200 or by Web site at 
■I http://www.microsoft.com/australia/products/ 

—backoff/sbs/. 
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Australian integrator puts NT into 747s 


Cheap seats from Lotus’ eSuite 


W hile most airlines now provide entertainment systems, passengers still have to 
wait for scheduled movies to begin. However, that will all change with the help of 
P@ssport, a new intranet-based entertainment system created by Sony Trans 
Com and the Australian company Praxa. 

Based on the Windows NT Server, it provides video-on-demand services for up to 500 
passengers simultaneously through the use of RAID arrays and Microsoft's NetShow 
Theatre server.Two data servers running IIS and SQL Server are used in the network, as 
well as ten content servers. 

In addition to providing movies and audio on demand, the system will allow 
passengers to play games, shop, browse cached Internet Web sites and even gamble, 
whilst also providing telephone, fax and modem capabilities from each seat. 

"What we're moving to next is interactive systems," claimed Brian Walsh, Praxa's 
Microsoft Business manager. According to Walsh, Windows NT was needed for this 
because it offered "the easiest to use and most reliable, scalable solution" 

Acting as an intranet, the system works by providing digital materiel in the form of 
compressed MPEG 1 streams running at a 2.0Mbit rate to diskless Windows 95 clients 
that are provided for each seat. Internet Explorer 4.0 is used as the client's browser. 

Designed for use on wide body aircraft such as Boeing 747s and Airbus A-330s, the 
system has just been sold to South African Airways and Walsh is confident that other 
airlines will follow suit. 



Lotus has released its Java based tools and 
applets package designed for the network envi¬ 
ronment. The eSuite products, previously code- 
named Kona, include Workplace for end users 
and DevPack for developers. 

The eSuite Workplace is designed for transac¬ 
tion and general workers, who typically only use 
10 per cent of application features. It provides a 
range of applets that can be loaded from the 
server, including ones that handle word pro¬ 
cessing, spreadsheets, calendaring and email. 
Third party Java applications are available to 
provide access to files created in office suite 
software such as SmartSuite. According to 
Michael Ossipoff, Lotus' marketing director for 
Australia and New Zealand, the new products 
"will not eliminate Microsoft Office or 
SmartSuite." 

eSuite Workplace works on component archi¬ 
tecture to allow users to choose what features 
they require. Pricing and packaging of these 
individual components is "still up in the air". 
eSuite will run on any Java Virtual Machine 
(JVM) with a minimum processor of a 66MHz 
Pentium. Lotus eSuite will be available in the 
first quarter of 1998, with pricing set for $69 per 
user if purchased through a volume pricing pro¬ 
gram. Lotus can be contacted on 02 9350 7700 or 
by Web site at http://www.lotus.com 
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IE 4.0 Available On Other Platforms 


Microsoft is making Internet Explorer (IE) 4.0 
available for mixed platform environments that 
might not include Windows NT. As of November 
5, Microsoft is providing a Preview 1 release of 
IE 4.0 for several UNIX platforms, beginning 
with Sun Microsystems' Solaris platform. Over 
the coming months, IE4.0 will become available 
for HP-UX, IBM AIX, and Silicon Graphics IRIX 
platforms. 

The Macintosh version of IE 4.0 is currently in 
beta and Microsoft anticipates shipping a 
Windows 3.1 version by the end of 1997. Dave 
Fester, US project manager for IE, says that 
Microsoft has reworked the Windows 3.1 ver¬ 
sion to operate more smoothly with existing 
hardware and software and to run with less 
than 8MB of RAM. But because Windows 3.1 is 
a native 16-bit platform, don't expect the same 
performance you find on 32-bit operating sys¬ 
tems, such as Windows NT. 

Allaire enhances Cold Fusion 

Allaire has released Cold Fusion Studio, an 
enhanced version of its Cold Fusion Web devel¬ 
opment package. New features include a dif¬ 
ferent integrated development environment 
and tools for constructing database applica¬ 
tions, query building, data editing and table 
browsing. A page editor is built into Allaire's 
HTML editing tool Homesite. 

Starbase Version 2.0 is bundled with Cold 
Fusion Studio to provide a development moni¬ 
toring facility that does not override the work in 
progress. 

Pricing for Cold Fusion Studio is $410 and is 
available in Australia through East Coast 
Software on (03) 9821 4848. 
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ADM goes one step ahead of Intel in graphics game 

A MD has announced a new 3D graphics technology that will be incorporated into its 
chips from the first half of next year. Called, simply enough, AMD-3D, it will 
provide a new set of instructions that will accelerate floating-point computations. 
According to AMD, it has support from major software companies as well as Microsoft. 

Designed to work in addition to Intel's MMX technology, which AMD is currently 
licensing, AMD-3D will also be available for licensing by other chip makers. According to 
David Somo, division marketing manager for AMD;s computational group, the tech¬ 
nology will provide users with the same level of graphic realism as SGI's machines, 
which were used to make the effects on such films as Jurassic Park. 

AMD also outlined the basic specifications for its next generation K7 processor. Due 
in the first half of 1999, the K7 will offer clock speeds in excess of 500MHz, an advanced 
bus interface that uses the Alpha EV6 protocol and the implementation of the Slot A 
architecture. For those who are wondering, Slot A is 
mechanically identical to Intel's Slot 1 technology, but 
is electronically different so that it's not compatible. 
However, AMD stressed that the Socket 7 tech¬ 
nology, which is due to be replaced by Slot 1, will 
continue to survive for quite a while to come. 
Shamelessly copying Mark Twain's famous 
saying, Somo claimed that "the demise of Socket 
7 has been greatly exaggerated," as the price of 
Slot 1 motherboards won't go down in price 
until the second quarter of next year. 

For more information, AMD can be contacted on 
02 9959 1937 or by Web at http://www.amd.com 


More Licensing Headaches from Microsoft 


A s of December 1, Microsoft will no longer offer Maintenance Plus and Upgrade 
Advantage Plus (concurrent licensing options) for the Office suite. Customers under 
these licensing options have until their licenses expire to choose a new option. 
Concurrent licensing is popular with many firms, not just large corporations. Concurrent 
licensing lets a company with 750 users purchase only 100 licenses, if only 100 users will 
use the software simultaneously. 

Many companies use this technique to keep costs down. For example, if a firm has 
offices in Britain and the US, the British office would use the software during its business 
hours, and the US office would use it during a different set of hours - a completely 
feasible arrangement with the countries' large time difference. But this option is no 
longer available. 

Corel responded to the news by promoting its concurrent licensing schemes. Many 
buyers already see Corel's Perfect Office as more affordable to own and maintain than 
Microsoft Office - but Office continues to dominate the desktop market. Microsoft will 
not drop its volume licensing, but it will restructure those plans for pricing per desktop. 
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Domino 5.0 due for release early 98 


Local Bank runs real-time on NT 


J 


L ocal financial institutions are set to change their system of settlement payments 
in the first half of 1998, with Colonial State Bank the first to implement the 
changes on a Windows NT server platform. 

The Reserve Bank of Australia has announced March 1998 as the time frame for 
financial institutions to move to real time gross settlements (RTGS) for high value 
payments. Until now organisations have been operating under deferred net settle¬ 
ments which have a higher systemic risk, which the move to RTGS will reduce. 

The Colonial State Bank is using the Tandem Payments Factory, incorporating 
liquidity and payments management software from FundTech running on Windows 
NT. For banks this means that inter-bank payments are now settled and guaranteed 
constantly throughout the day as opposed to the next 
day. According to Helen Burchell, marketing commu¬ 
nications manager for Tandem, "the company has 
i linked together the various components with a 
| common interface". 

i Australia and South Africa are the first countries 
where Tandem has piloted the payments 
product, due to the proximity of move to the 
real-time timeframe. 

For further information contact 
Tandem on 02 9770 7222 or by Web 
at http://www.tandem.com 


Compaq to enter clustering market 



I n an attempt to establish itself as an NT enterprise player, 
Compaq has revealed new ProLiant Clusters. Currently in beta 
testing, they are due for release in the first quarter of 1998. 
Going by the name of Proliant Cluster Series F, they will use Fibre 
Channel storage to provide a high level of scalability and throughput. 

"Fibre channel storage will revolutionise clustering by providing 
a storage system that can help simplify customers' configurations 
and provide the scalability and capacity necessary," said James 
Gruener, senior analyst at The Aberdeen Group. 

The Proliant Clusters will support Microsoft's Cluster Server, 
formerly codenamed Wolfpack. In addition to using fibre channel as 
the storage connection, they will also use either Ethernet or Tandem's 
ServerNet technology as the server interconnect. 

Compaq has also announced the ProLiant Cluster Series S, which 
are SCSI-based cluster configurations that will use Compaq's SMART- 
2 Array Controller family. These should also be available in the first 
quarter of 1998. 

For more information, Compaq can be contacted on 1300 368369, 
or by Web site at http://www.compaq.com.au 


Keen to keep up in the intranet and groupware 
market, Lotus will be releasing Domino and 
Notes 5.0 in the first half of 1998. 

While reticent about releasing too many details, 
Lotus has confirmed that NetObjects Fusion, a 
web development package, will be integrated in 
Domino 5.0. It will also provide advanced clus¬ 
tering and fail over features; be Corba compli¬ 
ant and allow for development of Java applets 
to be used on the client side. 

The main client for Domino, Notes 5.0, will be 
redesigned to provide an interface that resem¬ 
bles that of a browser. "I think you'll see the 
browser type of interface is going to become 
more pervasive across a range of products, 
because that’s what most customers are most 
comfortable with," claimed Peter Taylor, Lotus' 
new Australian managing director. Notes 5.0 
will also provide a new development environ¬ 
ment that will correlate more with Web devel¬ 
opment and provide more tools for creating 
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Next version of Visual 
C++ previewed 

Microsoft has released a technology preview of 
the next version of Visual C++ that will add sup¬ 
port for Dynamic HTML, Active Desktop, and 
OLE DB development. Microsoft will automati¬ 
cally send the preview, to be offered as an add¬ 
on to Visual Studio 5.0, to all current MSDN 
Universal subscribers. 

Microsoft plans to upgrade Visual Studio by for¬ 
mally releasing this technology preview in the 
first half of 1998. The product is in testing and 
is code-named Aspen. The next upgrade to 
Visual Studio, code-named Rainier, will support 
the newer COM+ extensions. Rainier is due out 
in 1999. 

For more information or to download the pre¬ 
view, see Microsoft's web site at 
http://www.microsoft.com/visualc 

Compaq moves into SOHO 
router market 

Compaq's latest router release, the Microcom 
808, is extending the company further into the 
small office market. The integrated access 
device incorporates router, hub and ISDN 
access and according to Ian Harvey, business 
unit manager of Communication Products, will 
allow Compaq to provide a service the other 
router providers don't. 

"Cisco, 3COM and Bay only provide a network, 
not a total solution on howto manage a whole 
environment," he said. 

The Microcom 808 integrates an 8 port lOBase- 
T Ethernet Hub, an IP router, 2 telephone service 
interfaces and an ISDN-BRI adaptor. It can con¬ 
nect up to eight users and can be expanded to 
20 with the addition of the Expansion Hub. The 
ISDN-BRI adaptor provides a throughput of 
128Kbps, which can increase to up to 512Kbps 
with an additional Stac Compression card. 

The communications system also includes a 
software package for configuration manage¬ 
ment and firewall protection features. The 
Microcom 808 is priced at $1399. The Stac 
Compression Module is $293 and the Microcom 
212 Expansion Hub is $294. Compaq can be con¬ 
tacted on 1300 36 83 69 or by Web site at 
http://www.compaq.com.au 


Seagate announces mammoth 47GB hard drive 


J ust when you boasted about your 9GB drive, Seagate has announced a 47GB driv 
that it claims is the largest in the world. Called the Elite 46 - although it's called th 
Elite 47 in the US - it is targeted primarily at enterprise systems, although Seagati 
is also aiming it at the digital audio and video market. 

Housed in a 5.25 inch case, the Elite 46 also features speeds of up to 184Mbits pe 
second; uses an UltraSCSI interface and has a mean time between failure (MTBF) o 
800,000 hours. Pricing details weren't available at the time of writing, although it shoulc 
be released by the time you read this. 

Also announced by Seagate is its line of 10,000 RPM Cheetah disc drives, which are 
available in capacities of 18GB, 9.1GB and 4.55GB. It's rated at providing data transfe 
speeds of up to 21MB per second 
Available in a 3.5 inch form factor, i 
uses either the Ultra SCSI or Fibre 
Channel interface. "At these speeds 
the SCSI interface is no longei 
acceptable," stated Paul Kruss 
Seagate's local managing director. 

For more information, Seagate can 
be contacted on 02 9725 3366 or by 
Web site at http://www.seagate.com 



Digital launches mid-range notebook series 



D igital has launched its HiNote VP 700 series of notebooks, which replace the 
previous VP 500 series. 

Targeted at the mid-range market, it nonetheless offers some high-end features. 
These include a 13.3-inch TFT screen, a two-in-one module that has both a 20X CD ROM 
drive and a floppy drive, 3D surround sound and the Intel 233Mhz MMX Pentium 
processor, which was formerly codenamed Tillamook. 

"(It is) the first to take on the Tillamook processor," stated Aaron Blackman, mobile 
marketing manager for Digital Australia. 

The notebook is also both DVD 
and Zip drive ready, with Blackman 
stating that the DVD module should 
be available by the time you read this, 
while the Zip drive is expected early 
next year. 

Although the notebooks range in 
price from $4,700, a notebook with all 
of the above features would retail at 
$8600. For more information, contact 
Digital on 132393, or by Web site at 
http://www.digital.com 
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Microsoft Exchange Server 


outconfigures, 
outadministers, 
outscales , 
out features, 
outmails 

and generally 

outinternets 

an other messaging and 
collaboration systems. 

(Outrageous? Not according to the experts.) 



In comparative reviews by Network World and 
Network Computing, Microsoft® Exchange Server 
prevailed over Lotus cc:Mail, Lotus Notes/Domino, 
and Novell GroupWise as the Internet messaging 
champ. Microsoft Exchange Server garnered an 
overall score of 8.7 on a scale of 1 to 10 in Network 
World’s review. And Network Computing dubbed 


Microsoft Exchange Server its "Editor’s Choice.” 
Further proof that Microsoft Exchange Server is 
the best messaging and collaboration system 
available today—the recent Burke Marketing 
Research study. It concluded that 70% of IT 
Administrators prefer Microsoft Exchange Server 
over Lotus Domino and Netscape Mail Server. 


Test it yourself: Try Microsoft Exchange Server 5.0 free for 120 days. 
www.microsoft.com/exchange/promo/eval/ 


Microsoft 

Where do you want to go today?- 
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Dell revamps its Latitude notebook 
with three new features 

Dell has superseded its high end Latitude XPi 
notebook with the Latitude CP, which includes 
three new features as well as a 233MHz 
Tillamook MMX processor. Offering a 13.3-inch 
TFT screen, 64MB of SDRAM, a 3.2 GB hard 
drive, 20X CD ROM drive and a 33.3K modem, it's 
priced at $7689. 

Designed for the corporate market (CP stands 
for corporate product), the Latitude CP intro¬ 
duces the HyperCool thermal management sys¬ 
tem, as well as the StrikeZone damage control 
and the ExpressCharge battery features. 

Put simply, HyperCool uses a heat pipe in the 
notebook that, with the help of a fan, tunnels the 
heat out of the notebook case through an 
exhaust port. 

The StrikeZone is simpler, being merely a bump 
on the underside of the case where the hard 
drive is kept. The effect of this is to protect 
against the notebook being dropped on a sur¬ 
face, as the bump protects the case from bend¬ 
ing under the weight of the drive and thus slap¬ 
ping the drive against the surface. 

Last in the line of quirkily named features is 
ExpressCharge, a feature which promises to 
charge up a Lithium Ion battery in one hour. 

Dell also announced a new budget notebook 
called the Inspiron 3000. Offering similar fea¬ 
tures to the Latitude CP, the main differences 
are that it's not NT certified,although Dell claims 
that it can still run NT; and it uses SDRAM 
instead of EDO RAM, which makes it more 
power hungry. It's priced from $6059 for a 
200MHz Pemtium II model. 

For more information, Dell can be contacted on 
1800 810 676, or by Web site at 
http://www.dell.com/apcc 



Five fingers and a browser 


I n an attempt to bring access to the Web at street level. North Communication 
Australia has launched a Kiosk Environment Web Browser that's based on Window 
NT. Called NetGain, it's designed to enable organisations to reach a new audience an< 
thus gain more from their investment in Internet and NT infrastructure. 

According to North Communications, NetGain is an advanced and versatile way tc 
display Web content on a touchscreen kiosk. Based on Microsoft's Internet Explorer, i 
provides built-in support for all current and future HTML and multimedia enhancements 
Amongst its features are database integration, monitoring and ordering, adminis 
tration, product orders and security through the use of the SET (secure electronic trans 
actions) standard. Based on Microsoft software, NetGain will support all current anc 
future HTML enhancements, allowing content to be displayed without modification in i 
public touchscreen kiosk environment. 

"The flexibility to display a Web site without modifying any code or programming 
language will mean an organisation now has another distribution channel. Web sites can 
be used for public promotions, trade exhibitions and in existing retail sites - a great way 
for organisations to introduce the public to the services and facilities they offer across the 
Web," said Rob McGregor, Managing Director of EvenTask Technology and Marketing 
"The opportunity to use their Web investment in more places, with direct feedback, will 
be appealing to any business which sees electronic distribution as part of their marketing 
strategy." 

Aimed at organisations 
whose delivery of infor¬ 
mation is changing to suit 
the public demand for a 24 
hour 7 days model, 

NetGain incorporates a 
variety of devices including 
card readers, ticket 
printers, PIN pads and 
scanners. NetGain can 
incorporate all of these 
technologies into a kiosk 
environment and interface 
them directly to a Web site through back-end devices. It can also interface local multi- 
media content to a Web site, significantly improving its impact in the public environment. 

NetGain's additional features include NetMovie, which adds full-motion video to any 
HTML content, and NetCook, which promises to turn your Web site into a transactional 
point-of-sales vehicle. Able to route data to a backend host, this "cookie on steroids" also 
routes data input to the kiosk's laser printer for forms or targeted advertising materials, 
to the credit card reader and PIN pad for financial transactions, or to the receipt printer. 

Last but not least, NetGain runs on a minimum configuration of Pentium 100 MHz 
with 16 MB RAM and retails for under $1000.00. 

For further information contact North Communications on 07 3870 8944 or by Web 
site at http://www.infonorth.com. Kevin Page 
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OzEmail swallows up Access One 


) 


O zEmail has announced that it will purchase all the shares of Access One, which was 
owned by Solution 6, for the sum of $25 million. While it is already the biggest ISP 
in Australia, the buy out ought to consolidate its position. 

While Access One was ranked as the number three Internet Service Provider (ISP) by 
market research firm www.consult, it had been losing money during the past year. 
Despite previous protestations from Solution 6 that Access One was an important 
aspect of its business strategy, it seems that the company - who is best known for its 
accounting software - has finally decided to cut its losses. 

"Access One has been our keenest competitor in the corporate and government 
sector and we are delighted to be acquiring their business," said Sean Howard, 
OzEmail's CEO. 

The chief executive of Solution 6, Chris Tyler, will be invited to join the board of 
OzEmail upon completion of the acquisition. 



Digital releases Alpha 
clustering solutions 

Digital has packaged a clustering solution 
based on its AlphaServers. The Internet 
Clustering Solution ranges from start-up plat¬ 
forms to enterprise systems. According to the 
company the server is highly scalable, with the 
entry-level system able to handle up to 10,000 
subscribers. 

Software provided includes TruCluster soft¬ 
ware for systems management; Advanced File 
System software that supports on-line recon¬ 



figuration of file systems and rapid reboot; and 
Logical Storage Manager software to assist in 
balancing workloads. 

The entry-level server configuration is based on 
the Digital AlphaServer 1000A and is priced at 
$140,000. The base package includes matched 
64-bit rackmounted Digital AlphaServer sys¬ 
tems, configured with TruCluster Available 
Solutions. Also included are 21.5GB of hot- 
swappable disk storage and a DAT drive, two 
17-inch monitors, keyboard and mouse, a 16- 
port Ethernet repeater and Internet application 
software. 

For further information contact Digital on 02 
9561 5252 or by Web site at http://www.dec.com 
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NT & BackOffice 

Try before you buy! 

The Commerce Trial Kit includes Windows NT Server, Internet Information Server, Site Server Enterprise Edition \ 
(including Commerce Server), SQL Server, Exchange Server, Transaction Server and Proxy Server. 

Get your evaluation cds at www.microsoft.com.au/eval/winntmag 

Evaluation CDs expire 90 or 120 days after installation 
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3Com announces shootout with 
other switch vendors 

3Com has released a new Layer 3 ASIC (appli¬ 
cation specific integrated circuit) switch 
engine which it claims provides the control of a 
router with the speed of a layer 2 switch. Called 
FIRE (Flexible Intelligent Routing Engine), it will 
feature in the CoreBuilder 3500 switch and, 
later in the year, the higher-end 9000 switch. 
Stating that many LANs and campus networks 
use routers instead of switches for the added 
control, 3Com believes that FIRE will replace 
routers at this level, whilst also acting as the 
fastest switch on the market. "We're talking 6to 
9 months before anyone comes close to where 
we are today," enthused Andy Hurt, 3Com’s 
marketing director. 

Claiming that the switch is scalable to 56Mpps 
(million packets per second) routing, its main 
feature apart from speed is an advanced queu¬ 
ing mechanism that provides bandwidth reser¬ 
vation and prioritisation. 

The CoreBuilder 3500 base unit is priced from 
$12,328, although a typical configuration, with 
24 Fast Ethernet ports, a management module, 
base switching and IP software as well as 
redundant power supplies would cost $37,527. 
For more information, 3Com can be contacted 
on 02 9937 5000, or by Web site at 
http://www.3com.com 

Ascend releases first 
smart core’ ATM switch 

Ascend has released what it believes is the first 
'smart core' ATM switch that combines the 
scalability of a core switch with the intelligence 
and service capability of an edge switch. 

The Ascend GX 550 is a carrier-class switch 
designed for the New Public Network. It's able 
to deliver 0C-48/STM-16 speeds and supports 
the industry-leading densities of 0C-3/STM-1, 
0C-12/STM-4 and OC-48/STM-16. 

Incorporating end-to-end Quality of Service 
(QoS), it also provides an SONET/SDH capabili¬ 
ty for high-speed trunking. 

Pricing wasn't available at the time of writing. 
For more information, contact Ascend on 03 


Unisys commits to Windows NT 


NWc, 



U nisys Corporation has announced a joint initiative 
with Microsoft that is designed to maximise the 
performance of Unisys servers running Windows 
NT and Microsoft's enterprise products. " We want to 
be part of the game," said Bob Wothersoon, director of 
marketing for Unisys Australia. Specifically targeting 
government and financial services markets, the companies 
believe the enterprise agreement will deliver business 
critical solutions for this environment. 

Part of the agreement includes the training of up to 2,000 
professionals on Microsoft enterprise products and setting up 
five application development centres for Microsoft solutions. 

According to Murray Richards, Unisys' business development 
manager, "part of the 2,000 (people trained) will be here in 
Australia with training already under way." Whilst the first 
five centres will not be in Australia, "another three are * 
on the way, with one to be located in the South Pacific 
region, possibly Australia or New Zealand," said 
Richards. 

In addition, Unisys will standardise internally on Microsoft Exchange Server and 
Internet products. "We are porting large applications to NT," said Richards. "We are 
showing quite a commitment considering our heritage to the mainframe environment." 

Unisys sees the initiative as a formalisation of the relationship it has built up with 
Microsoft over the years. "A natural migration," said Wothersoon. Unisys has been 
developing both hardware and software solutions, moving towards the Wintel envi¬ 
ronment. "The technology is moving to support NT," said Wothersoon. "Windows NT 
will become the dominant system in the next few years." 

Why Token Ring networks may not be dead 

I BM has just announced initiatives to bring Token Ring technology up to speed, 
including plans for native 100Mbps and IGbps Fligh-Speed Token Ring and Gigabit 
Token Ring solutions. The initiatives come from the Fligh-Speed Token Ring Alliance, 
which is a group of companies that include IBM, Madge Networks, Bay Networks, 
Cabletron and 3Com. 

Up to now Token Ring speeds have been limited to 16Mbps, which is slow when 
compared to Fast Ethernet speeds of 100Mbps and now IGbps. This has been a large 
reason why many Windows NT networks, which typically require a large bandwidth, has 
adopted the Ethernet and ATM standards. The Token Ring standards that the Alliance is 
promoting should be ratified by the end of 1998, although the IGbps standard should 
take longer. 

IBM has also announced that it will ship a 4/16/100 native Token Ring PCI client/server 
adapter in the second half of 1998. 
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Think tape backup. 
Think Seagate. 


SEAGATE HORNET* (Travan) 

Capacities from 3.2CB to 8GB. 
High-performance for desktop, workstation 
and server backup. 


SEAGATE SIDEWINDER® 



SEAGATE SCORPION® (DAT) 

Capacities from 2GB to 96GB. 
ligh-performance backup system 
or servers and workstations. 


(AIT—Advanced Intelligent Tape) 

Capacities of up to 50GB. 
High-performance backup for 
mid-range servers. 


Seagate TapeStor Travan and Seagate TapeStor DAT 

products include software and accessories for a complete solution. WWW.seagate.com 

For more details, 
call your local distributors 


&P Seagate 

DISTRIBUTORS: AUSTRALIA • ACA PACIFIC PTY LTD TEL: 1800-671796 FAX: 03-93881124 • AC ATE TECHNOLOGY PTY LTD TEL: 02-98784688 FAX: 02-98784655 • COSMOTEC AUSTRALIA PTY LTD 

TEL: 03-988881 33 FAX: 03-98089293 • TECH PACIFIC AUSTRALIA PTY LTD TEL: 02-93816000 FAX: 02-93816001 








Another major bug found in 
Pentium chip 

News surfaced recently that a new problem 
with Intel's Pentium processors could let almost 
anyone crash a Pentium-based computer with 
relative ease. 

The problem stems from the FO routines, a set of 
processor calls. Apparently, five simple proces¬ 
sor instructions can cause any classic Pentium 
or classic Pentium with MMX to completely 
lock up. Intel states the problem is limited to 
classic Pentiums and does not affect Pentium II 
or Pentium Pro style processors. It has also 
posted an erratum about this processor bug on 
its Web site. Only a few vendors, such as 
Berkeley Software Designs and Linux, have 
released a patch for their OSs. Novell says its 
NetWare systems are safe because running 
server software requires secured access. 

For owners of other OSs, the only quick fix now 
seems to be to not run mission-critical applica¬ 
tions on classic Pentium processors. 

Some computing experts have suggested that 
users might want to try disabling the Level 1 
Cache in the BIOS, if your BIOS has that option. 
This action makes Windows NT 4.0 immune to 
this problem, but the approach hasn't been test¬ 
ed yet on other OSs. Disabling the 1st Level 
Cache may cause your NT systems run much 
slower. 


Sequel brings control back to the 
intranet and Internet 


D o you know what your users are doing with their Internet access? 

If so then you're not alone, according to Mark Flowers, director of Sequel for th 
Asia Pacific region. In response to this, Sequel has announced the third version o 
Net AccessManager, its TCP/IP management package that's designed to monitor an 
manage user's intranet and Internet doings. 

Net AccessManager is designed to do several things, such as identify which perso 
or group uses the Internet the most, which Internet activity is the most common, wha 
times the Internet is being accessed the most and what Web sites are being accessed. 

Targeted for use by the average 
manager, it has Crystal Reports built 
in so that any authorised user can 
print their own reports on Internet 
access out. "We're bringing this 
ability down to the manger," claimed 
Flowers, who stated that previously 
it was only the MIS staff who could 
do this. 

New features that the third 
version incorporates include Proxy 
Server support; Oracle support; 
directory services support for NT, NDS, Bindery and LDAP; database archive and purgf 
capabilities and an Intergrated Monitor-only solution. 

Sequel is distributed in Australia by Unixpac, who can be contacted on 1800 022 13" 
and MorseCorp, who can be contacted on 02 9796 2225. Pricing starts from approx $6990 
for a starter pack with a 100 user II 



Samsung gets into the Alpha business 


In an attempt to broaden its semiconductor line, 
Samsung has started producing Alpha proces¬ 
sors and expects to be mass-producing 
600MHz versions by the time you read this. 
Word has it that Samsung has already devel¬ 
oped a 700MHz chip and, by the fourth quarter 
of next year, will be working on an 800MHz ver¬ 
sion. Aimed at workstations and servers, the 
chips will also target the graphics market by 
integrating specific graphic features. 

Samsung also plans on producing Alpha chips 
for ordinary PCs, which will consume less 
power but still deliver a higher performance 
than their Intel counterparts. Production for 
these is slated for the first quarter of next year. 


Tektronix embraces Hydra thin client 


T ektronix has announced its latest thin client product, which will be based on the 
Windows-based terminal (WBT) architecture. Called the ThinStream computer, it 
delivers access to applications stored on a central server. According to Tektronix it 
offers the advantages of being a low cost solution that's easy to administer. While pricing 
wasn't set at the time of writing, Tektronix expects it to be slightly over $1000. It will 
begin shipping from the end of January. 

"Based on developments in the market, we believe that the Windows-based Terminal 
architecture is the best way to deliver thin client functionality with a very low cost of 
ownership," said Dan Fullerton, national sales and marketing manager for Tektronix 
Australia. 

The first release of ThinStream software will include full-screen ICA capability 
coupled with Tektronix' own video solution and remote administration capabilities. The 
second release, due in the second quarter of 1998, will add Microsoft CE and T-Share 
capabilities. 

For more information, contact Tektronix on 02 9888 0100, or by Web site at 
http://www.tek.co m/N etwo rk_Co m pute rs/. 
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ONLY THREE THINGS ARE IMPORTANT: 


INTEGRATION INTEGRATION 
EGRATION 

INTEGRATION 

Why install fax client software when you already have 
Microsoft® Exchange or Outlook? 

With Faxination® for Microsoft Exchange, your 
Exchange client is the fax client. 

No additional client software to install, no additional 
user training, no support backlog. See the positive 
effect on your Total Cost of Ownership! 


INTEGRATION 

fou just deployed 1000 Exchange users and now you have 
:o enter them in a fax server directory as well? Get real! 

A/ith Faxination, the Exchange directory is the fax 
directory. So instead of juggling with two directories you 
;an handle everything from within Microsoft Exchange, 
using the familiar Exchange Admin tool. 

INTEGRATION 

In the real world, corporate needs extend beyond Fax and Exchange. With Faxination it is easy 
to add modules for SAP R/3. SMTP. Pa g in g . Mobile and even Telex connectivity, giving you one 
integrated solution for all your communication requirements. 






Because today's messaging is global, Faxination for Microsoft 
Exchange is available in 9 languages and is supported by a 
qualified partner network covering 54 countries worldwide. To 
find out more about Faxination for Microsoft Exchange and 
how we can tackle your real world issues today, call one of our 
Australian partners or visit our web site at www.fenestrae.com. 



Fenestrae* 

True Integrated Messaging Starts Here! 

www. fenestrae. com 
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SpaceView Explorer Enterprise 
released 


Boole and Babbage has released an enter¬ 
prise version of its storage management prod¬ 
uct, SpaceView Explorer. It has a new user 
interface that allows users to employ one GUI 
to manage server storage, which is platform 
independent. 

Storage monitoring features includes the ability 
to access current free space levels on the drive 
or file system. An alert function that highlights 
low disk storage levels also contains hyperlinks 
to the problem generating the alert. 

The 32-bit client/server application provides 
either graphical or text based management and 
uses a tree-diagram navigational structure. 
Storage can be managed from one central con¬ 
sole and supports platforms including MVS, 
Windows NT, HP/UX, Solaris and AIX servers. 
The company, traditionally a mainframe shop, 
has utilised its concepts for mainframe storage 
and incorporated them onto platforms. 
SpaceView Explorer for client/server platforms 
will be available early in 1998. Pricing was 
unavailable at time of writing. For further infor¬ 
mation contact Boole and Babbage on 03 9686 
7777 or by Web site at http://www.boole.com 



Platinum On The Horizon 


Putting the presure on application development 

I f Windows NT is to succeed in the mission critical marketplace, the applications 
written for it have to be thoroughly tested before being placed into market, rather than 
just relying on beta testing. This is the line from Rational Software, who has 
announced the release of Visual Quantify for Visual Basic, a tool for testing application 
performance. Rational also released SQA Suite 6.1, its application fortesting Web sites. 

Visual Quantify is a performance profiler that automatically pinpoints performance 
bottlenecks in VB applications. Features include the Quantify'd call graph, which gives a 
graphical view of procedure-call architecture, as well as PowerTune, which allows devel¬ 
opers to specify how much data Visual Quantify collects, as well as the level of analysis 
it conducts. Priced from $5862, 
it requires Visual Basic 5.0. It is 
also available for the Visual C++ 
platform and the Java Virtual 
Machine. 

SQA Suite 6.1 is designed 
to test Internet applications 
and Web sites for performance 
by looking at three different 
areas-functionality, structure 
and its load ability. 

The new feature in SQA 
Suite is the structure test, 
which traces every possible 
path through the site to make sure that all the pages are there. The functionality test 
looks to see if all the features of the application are fully functional, while the load test 
sees that the Web site works properly under pressure. 

"It puts a load on a server equivalent to a thousand users trying to access that site," 
explained Jeff Schuster, Rational's director of performance test product management. 

Another new feature is its support of Secure SSL. SQA Suite 6.1 is priced from 
$5200. For more information, contact Rational on 02 9419 8455, or by Web at 
http://www.rational.com 

Sybase announces successor to SQL Anywhere 



Microsoft is developing the new version of 
Exchange Server under the codename 
Platinum. According to Microsoft, Platinum will 
ship three to six months after NT 5.0 is officially 
released. Microsoft expects to release NT 5.0 
sometime in the first half of 1998. In keeping 
with the changes in NT 5.0, Microsoft will 
ensure that Platinum supports the new Active 
Directory architecture and integrates the NT 
and Exchange management consoles. 


S ybase has released the beta version of Adaptive Server Anywhere 6.0, the 
successor to its SQL Anywhere database system that was optimised for mobile 
computing. 

The key new feature of Adaptive Server Anywhere is its Java database support, with 
Sybase claiming that it's the first Java implementation of business logic and data objects 
directly in a relational database. 

Other features include symmetric multi-processor support, improved database 
caching and an enhanced optimiser. 

For more information, contact Sybase on 02 9936 8800, or by Web site at 
http://www.sybase.com 
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>IONEER S STORAGE CAPABILITIES 
ARE AS VAST AS YOUR NEEDS. 


DRM-1004X 

• 100 Discs 

• Four Drives 

• CD-R Capability 


DRM-5004X 

• 500 Discs 

• Four Drives 

• CD-R Capability 


Partner Yourself With The Leaders. 

Being a successful business often means generating large 
amounts of information. Whether it's text, data, images or video, 
your information requires careful management. That's why at 
Pioneer, we've been developing innovative CD-ROM storage 
that can change the entire way you do business. Our CD-ROM 
jukeboxes can provide you access of up to 320 Gigabytes of 
information within seconds, saving substantial time, labour and 
money. So whether you're finding the cure for cancer or a way to 
settle out of court, Pioneer v _ 

can help you focus on what Li 2 MlOIXIEEW 

you do best. The Art of Entertainment 


For details of your nearest SCSI Corporation Approved Reseller, please call Janice Stead on (02)9894 6033 

*■>:-! I SOLUTIONS AVAILABLE FOR VIRTUALLY ALL PLATFORMS | 

CORPORATION I I Australia's Leading CD-R0M/DVD, Mass Storage, Archival/Imaging and Network Appliance Distributor 



http://www.scsi.com.au 


Sydney 

Ph:(02)9894 6033 
Fax:(02)9894 6766 


Melbourne 

Ph:(03)9329 4433 
Fax:(03)9329 4466 














UNIFACE bolts in components 

Compuware has released UNIFACE 7.2, its com¬ 
ponent-based assembly environment that 
allows the integration of existing disparate 
components. "This is the first time you can 
make use of existing, components," said Frank 
Slootman, vice president and general manager 
of Compuware. 

The component-based deployment allows 
users to work with their existing applications 
regardless of technology origin, instead of 
throwing them out. "Existing components can 
be bolted in," Slootman said. 

Component interaction standards include 
Microsoft's DCOM and CORBA as well as the 
languages C++ and Java. This will allow com¬ 
ponent types to be changed at run times and 
still use the same interfaces. 

The construction environment uses the 
Building Blocks with a pre-designed framework 
to assist in component deployment. 

Contact Compuware on 02 9927 2799 or by Web 
site at http://www.compuware.com 
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More than a wing and a prayer 
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S toragetek has developed a range of storage devices in Australia specifically for the 
local market. The Daintree storage products are configured with modular, flexible 
components designed so organisations can outsource their storage problems. "We 
are building systems for people without expertise in-house," said Paul Rushton, 
Storagetek's Australasian marketing manager. 

According to Rushton, most organisations perform data storage and back-ups in an 
ad-hoc manner. "The bulk of information is stored in workstations and servers," he said. 
"Storage is a little thing you 
tack on the side and you 
hope you never need it." The 
Daintree range includes 
three packages which can be 
"packaged and tailored for 
customers", and is currently 
being used in the 
Parliamentary Information 
Services Offices (PISO). 

The Daintree Safety Net, 
which is designed for a 
distributed LAN envi¬ 
ronment, uses the network 
to back up servers. The storage multiplier automatically manages disk capacities and is 
able to clear disk space of copied data, after it reaches a nominated threshold. The trans¬ 
action guard is configured for mission critical environments and provides online backup 
and restore of transaction processing systems. The company also claims it has the 
largest tape libraries with capacities of up to 900 terabytes per module. The systems 
backup speeds are at one terabyte an hour. 

For further information contact Storagetek on 02 9438 4844 or by Web site at 
http://www.storagetek.com/oz 



NovaTech Internet Secur 


• Security Auditing 


• Network Penetration Testing 


• Secure Network Design 


• Firewall Configuration 


• ISS Distributor 


• General Security Assistance 


• Security Policy Development 


NovaTech is Australia’s leading Internet and Network 
Security Consultation firm specialising in TCP/IP networks. 
They can remotely assess your network and advise on how 
to increase your security or help in 
implementing a security regime that 
will fulfil your requirements. 

NovaTech Internet Security 
PO Box 487, Ermington NSW 2115 
WWW - http://www.novatech.net.au 
Email - novatech@novatech.net.au 
Phone: +61 2 9638 5883 Fax: +61 2 9967 4447 


I: novatech@novatech.net.au 
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Your company information is the most valuable resource you have, 
lowever every shared file, email and Internet download that enters your 
letwork has the potential to introduce a virus. One that could move quickly 
rom the desktop and spread throughout the network. 

Thankfully, there’s an easy-to-use, aggressively proactive way to 
;afeguard your whole network. Intel’s LANDesk® Virus Protect V5.0 offers 
nulti-layered protection across mixed Novell NetWare* and Microsoft 
Windows NT* networks. It can be managed from a 
single point of control and even safeguards unlimited 
® clients connected to a protected server. However if 


you need to protect a standalone PC, it can do that too. For a free trial CD, fax 
this coupon to 1800 685 568 or visit www.intel.com/apac/eng/network/ldvp 

















Workstation Virus 
Scanning Software 


protect yourself at all times with today’s batch of antivirus softare 


ust in case you haven’t heard, viruses can be fatal. 
Jeff Goldblum and Will Smith used one to wipe 
out an entire alien mothership in last year’s hit 
movie Independence Day. In reality, viruses won’t 
cause your computers to spontaneously break down, but 
they can be more than just a mere annoyance. 

Like it or not, viruses (particularly those of the macro 
variety) are becoming more and more prevalent in every¬ 
day computing. People send files back and forth across the 
Internet all day, and these files eventually make their way 
down the pipe to your computer. Because authenticating 
each downloaded file is difficult, you have a slight chance 
of downloading something infected by viruses. Factor in 
other virus distribution vehicles, such as exchanging flop¬ 
pies with co-workers and installing shrinkwrapped soft¬ 
ware, and you increase the chances of infecting your 
computer. I’ve received infected files from the most 
unlikely sources: an infected executable on a store-bought 



application, infected Word documents from Microsoft 
Professional Developers Conference CD-ROMs, and an 
infected Excel spreadsheet from a co-worker. 

Although no native Windows NT viruses are in circu¬ 
lation, a simple boot sector virus can still wreak havoc on 
your NT systems. I’ve seen a boot sector virus continually 
kill NT, causing the Blue Screen of Death at almost regu¬ 
lar intervals. 

Thank goodness, NT virus scanners are available in 
abundance. In this year’s virus scanner roundup, I looked 
at virus scanners available for NT Workstation. The results 
might surprise you. 

How We Tested 

One question that comes up often when you evaluate 
virus scanners is, “How do you determine which one is 
the best?” I usually reply, “It depends.” And it does. You 
can rate virus scanners based on their respective detection 
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VirusScan for 
Windows NT 3.02 



F-PROT 

Professional for 
Windows NT 3.01 

Contact: 

Computer Virus Clinic 
(02) 9607 4255 

Web: http://www.geko.net.au\~cvc 

Price: $89 

System Requirements: 

Windows NT 3.51 or 4.0 

platform: Intel rates. But with the 

current crop of viruses, 
you can assume that all virus detection routines detect 
about the same number of viruses. More variables are 
involved when you’re gauging which virus scanner 
outperforms the others. When you decide to purchase a 
virus scanner, your first priority is to make sure it finds the 
most common viruses. The more common the virus, the 
greater the chance you have of finding it. Playing the 
numbers game with virus scanners might look impressive 
on paper, but what if the virus scanner that can detect a 
million viruses just happens to miss the Lacroix Excel 
macro virus? 

In this comparative review, besides detection rates, I’ll 
look at features such as realtime scanning and automatic 
updates. Let’s face it, running virus scans is almost as much 
fun as, well, doing backups. If you do an informal poll 
within your organisation, I’d bet my software that very 


Contact: 

McAfee • 1800 644 646 
Web: http://www.mcafee.com 
Price: $89.95 
System Requirements: 
Windows NT 3.51 or 4.0 
platform: Intel 


Cheyenne Anti-Virus 
(InocuLAN client) 

Contact: 

Cheyenne (division of, Computer Associates 
International) • (02) 9937 0800 
Web: http://www.cheyenne.com 
Price: $110 

System Requirements: 

Windows NT 3.51 or 4.0 
platform: Intel, MIPS, 

Alpha, PowerPC 


Dr Solomon's 
Anti-Virus Toolkit for 
Windows NT 

Contact: 

Dr Solomon's Software 
(03) 9690 0455 

Web: http://www.drsolomon.com 
Price: $99 

System Requirements: 

Windows NT 3.51 or 4.0 
platform: Intel 


few people run virus sc; 
regularly, if ever. Most antivirus 
vendors recognise that : 
professionals have too much work 
to worry about purifying their files 
daily or weekly, so vendors have added realtime scanning 
modules to their virus scanners. Realtime scanners are 
watchdogs that sit in the background, monitoring disk 
I/O for strains of viruses. When the system loads an 
infected executable, the scanner kicks in to clean the file. 

In the past, virus scanners were dated as soon as they 
hit the street. New viruses are discovered every month, 
and in the dark ages before the Internet became a viable 
global network, virus scanners had no way of knowing 
about these new strains. Today, nearly every antivirus 
vendor makes updates available from its Web or FTP site. 
Automatic updating is simply an automated retrieval and 
installation process, making staying up-to-date on the 
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latest viruses in the wild a bit easier. 

Another requirement to consider is 
technical support. Although most modern 
virus scanners are easy to use, cleaning 
infected files is a different story. For the 
more stubborn viruses, calling a specialist is 
not a bad idea. How the companies handle 
panic calls is almost as important as what 
type of viruses their software can detect. 
My review also covers documentation in¬ 
cluded with the software, the user inter¬ 
face, notification options, and scheduling 
capabilities. 

Some virus scanners include new 
heuristics-based technology. Traditionally, 
virus scanners use definition files to detect 
viruses. For example, a typical definition 
file includes a string of unintelligible (at 
least to human eyes) code that replicates 
the exact structure of a known virus. When 
scanning, the program compares the struc¬ 
ture of each file against that string. When 
the program finds a match, it triggers an 
alert to let you know that it has detected a 
virus. This method has worked very well in 
the past, but newer viruses (such as poly¬ 
morphic viruses and the ever-popular 
macro virus) laugh in the face of defini¬ 
tions. With a heuristics-based scanning 
engine, a virus scanner can plow through 
files looking for virus-like behaviour. 
Rather than relying on exact matches, 
virus scanners can now actively seek out 
potentially destructive code. 

In theory, this method tends to gener¬ 
ate false positives (showing that a file is 
infected with a new virus when it’s not), 
but it provides an additional layer of secu¬ 
rity, which is a good trade-off. In practice, 
however, this situation happens so infre¬ 
quently that it’s not much of a concern. 

Price is, of course, also a concern. Small 
businesses might find it difficult to justify 
the cost of a multi-thousand dollar virus 
scanner with every single feature known to 
humankind. The perfect virus scanner is 
priced to sell (that is, under $100). 

For this review, I introduced a package 
of roughly 50 common viruses, Trojan 
horses, and macro viruses into the testing 
environment. The testing environment 
consisted of one 150MHz Pentium 
machine running NT Workstation 4.0 



■ Screen 1: 

Using InocuLAN's 

simple but powerful 
user interface 


with Service Pack 3. Some viruses were 
compressed and archived with PKZIP. I 
then zipped the ZIP files yet again in an 
attempt to catch the virus scanners off¬ 
guard. I installed each virus scanner inde¬ 
pendently of the others to prevent conflicts 
between each application. 

I designed the testing regimen to be as 
straightforward as possible: I installed the 
viruses to a directory on the hard disk, 
triggering the flags of any virus scanner 
that happened to be poking around in that 
directory. Although this test might be less 
scientific than most conventional methods, 
it’s also more representative of how users 
catch viruses. After all, all the poking and 
prodding in the world won’t help if a virus 
hits your system when you load a file. 

Cheyenne Anti-Virus 
(InocuLAN Client) 

Computer Associates’ (CA’s) InocuLAN, of 
which Cheyenne is a division, has long 
been one of the finest NT Server virus 
scanners on the market. However, posi¬ 
tioning itself as a server tool effectively 
priced InocuLAN out of the small 
office/home office (SOHO) market. 
Realising this drawback, CA has issued an 
affordable workstation edition of 
InocuLAN that includes some important 
features of the server version. 

InocuLAN ships on one CD-ROM 
and includes a comprehensive manual. 
Installation is simple: you insert the CD- 
ROM, feed a few directory names to the 
Setup program, and you’re up and running. 
Although the manual lacks the encyclope¬ 
dic information you get with other 
programs, CA makes a virus encyclopedia 


available on its Web site. 

First, you’ll notice the user interface 
lacks the glitz of rival utilities, as Screen 1 
shows. What it lacks in aesthetics, however, 
is made up for in usability. Various options 
are scattered across multiple context-sensi¬ 
tive menus and dialogue boxes, and setting 
up a scan is as easy as selecting the drives to 
scan and clicking the Go button. 

Looks and usability are meaningless 
unless the scanning engine has the cleaning 
power to make it worthwhile. Fortunately, 
the capabilities under InocuLAN’s hood 
are top-notch. 

InocuLAN’s scanning options are 
configurable to an extent. You can select 
which files a scan will include or exclude, 
based on their file extensions.You can select 
from one of three scanning options: Fast 
Scan, Secure Scan, and Reviewer Scan. I 
opted for the secure mode, and a default 
scan detected every virus in my test bed. 
This success rate included double-zipped 
files. Feeling particularly sadistic, I rezipped 
the double-zipped files, giving the infected 
files a three-layer compression shell. Again, 
InocuLAN plowed through the triple- 
zipped files without incident. Much to my 
delight, InocuLAN also cleaned every 
infected file without incident. 

Unfortunately, InocuLAN’s scanning 
engine doesn’t support heuristics-based 
scanning. InocuLAN can’t detect some of 
the more recent and obscure viruses. The 
slight upside to this shortcoming is that 
InocuLAN also generates few false posi¬ 
tives. CA does have a heuristics-based 
version of InocuLAN in beta testing, and 
the final product might be available in the 
form of a virus definition update by the 
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An Australian edition of 
the Bible is coming! 




time you read this. 

InocuLAN’s notification options shine. 
By default, InocuLAN logs all activity in a 
text file, letting you call it up with just 
about any word processor or text editor 
available. For advanced configurations, you 
can set up InocuLAN to send virus alerts 
to pagers, Simple Network Management 
Protocol (SNMP) managers, email mail¬ 
boxes, and remote printers. Admittedly, 
most of InocuLAN’s notification features 
are overkill for small networks, but know¬ 
ing that CA treats the workstation market 
with the same consideration that the 
company gives the more lucrative server 
market is reassuring. 

Likewise, InocuLAN’s scheduling 
options feature is comprehensive, albeit 
slightly inaccessible. You can set 
InocuLAN to run once a day, once a 
week, once a month, or multiple times 
daily. But the placement of its scheduling 
options makes the feature difficult to use. 
To schedule a scan, you must go into 
InocuLAN’s Domain Manager, select your 
machine from the list of workstations on 
the network, and fill in the pertinent 
information. 

InocuLAN’s Realtime Monitor de¬ 
serves an honourable mention. This on- 
the-fly scanning component sits in the 
background, monitoring both incoming 
and outgoing files. Because InocuLAN is 
primarily a server-based antivirus package, 
Realtime Monitor can scan network drives 
and email inboxes, if you use Microsoft’s 
Exchange or Outlook clients and have the 
CA E-mail module installed. When the 
program detects viruses, InocuLAN can 
either clean the file, move the file, rename 
the file, or delete it. Interestingly, you can 
copy infected files to a special protected 
directory on the server to quarantine them 
- isolating them from every other file on 
the network - to minimise the chances of 
spreading the virus. 

Virus definition updates are available 
for free from CA’s Web site, but the 
retrieval and installation applet is not inte¬ 
grated with the main program. CA wants 
to give administrators more control by 
letting them disable definition updates. The 
purpose is to force some sort of standard¬ 



■ Screen 2: 

Using F-PROT 
Professional's 

predefined tasks 


isation across the network. (Don’t worry, I 
didn’t quite understand it either.) 

Regardless of this arrangement, retriev¬ 
ing and installing updates is relatively pain¬ 
less. The AutoDownload Manager, which 
you must start separately, runs as a sched¬ 
uled service.You can set it to execute once 
a month, ensuring that you always have the 
latest virus definitions installed. 

InocuLAN is the most scalable pack¬ 
age I covered in this roundup. If you antic¬ 
ipate the need to add more machines to 
your network, InocuLAN is your best 
choice. It accommodates your needs as 
your working environment grows. 

F-PROT Professional for 
Windows NT 3.0 

In the early ’90s, when DOS still ruled, the 
two main shareware virus scanners were 
McAfee’s VirusScan and Command 
Software Systems’ F-PROT. VirusScan has 
already made a successful transition from 
DOS to NT, leaving F-PROT with a hard 
act to follow. 

F-PROT Professional ships on four 
permanently write-protected disks, 
preventing unauthorised tampering. 
Installation is straightforward. You let the 
program create a directory, select the 
components you want to install, and feed 
the floppies to the computer. Four floppies 
later, you’re ready to go. F-PROT 
Professional comes with a thin manual that 
you can throw away once you’ve installed 
the software. 

Like VirusScan, F-PROT Professional 
is a task-based virus scanner. Unlike 
McAfee’s offering, however, F-PROT 
includes several predefined tasks, as Screen 


2, shows. This feature helps you get up tc 
speed and send F-PROT in on the wa 
against viruses. 

New tasks are easy to set up ir 
F-PROT Professional. You click on the 
New Task button to bring up a dialogut 
box that asks whether the new task i: 
a user-level or administrator-level task.Yoi 
select the appropriate security level tc 
bring up the Properties dialogue box that 
lets you specify which drives to scan, 
which files to exclude, and how the 
program will act when it encounters a 

Once you have saved the task, you can 
schedule it with F-PROT’s internal sched¬ 
uling tool. This scheduling tool is not as 
comprehensive as the schedulers in other 
products, but it supports daily, weekly, and 
monthly scans. A unique option in this 
scheduler is the ability to send F-PROT 
into action after a prespecified amount of 
idle time has elapsed. 

F-PROT’s detection rate was good, 
but not perfect. It detected 39 of the 
40 unzipped viruses (including all the 
Office macro viruses) and 9 of the 
10 double-zipped viruses.This score might 
be less important than it seems, because the 
39 viruses it detected are some of the more 
common strains, such as Jerusalem and 
Michelangelo. For detection of more 
advanced viruses, F-PROT includes a 
heuristics analysis module, which is still 
considered experimental. In testing, this 
module generated many false positives 
because of its alpha-level status, so I recom¬ 
mend turning it off. 

F-PROT’s realtime scanning module, 
Dynamic Virus Protection (DVP),is excel- 
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lent. It detects nearly every virus loaded 
and takes up very little CPU time. 

The program moves infected files 
immediately to a quarantine directory to 
await treatment. This process isolates the 
nfected files from the rest of the hard disk. 

Cleaning the files was interesting to 
vatch. F-PROT quite possibly has the best 
disinfecting rate of any virus scanner on 
;he market today. The other virus scanners 
n this review stumbled over at least four or 
ive infected files, but F-PROT cleaned 
everything it detected (quite possibly inval- 
dating the lower detection rate vis a vis the 
ether virus scanners). 

The notification options in F-PROT 
Professional are very good. The software 
rses a Messaging API (MAPI)-compliant 
notification module that supports email 
notification on systems that support the 
MAPI standard. Pager notifications are 
missing, but you can send broadcast 
messages over a network when the 
program detects a virus. 

Command Software Systems makes 
electronic definition updates available to 
registered users via its Web site. This 
method seems somewhat kludgey 
compared with the integrated update re¬ 
trieval routines found in other pro¬ 
grams, however. To make staying up- 
to-date with the latest viruses easy, 
F-PROT Professional lets you enter 
custom virus strings. 

In terms of technical support, 
Command Software Systems stands head 
and shoulders above the other vendors. A 
24-hour, toll-free emergency hodine is 
available to all users. Here’s hoping it sparks 
a new trend among antivirus software 
vendors. 

F-PROT Professional is a good tool, 
but it simply doesn’t have the pizazz 
to make it a must-have. The program 
doesn’t have many compelling fea¬ 
tures, making it only an adequate virus 
scanner. 

Additionally, the alpha status of 
F-PROT Professional’s heuristics scanning 
engine makes it a hindrance. That fact, 
combined with the lack of automatic 
updates, knocks F-PROT Professional out 
of the running. Command Software 
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Systems is committed to refining F-PROT, 
and the product will be one to look for 
when it matures. 

Dr Solomon's Anti-Virus 
Toolkit for Windows NT 

Dr Solomon’s Anti-Virus Toolkit for 
Windows NT is a favourite among virus 
researchers. And why not? After all, virus 
researchers designed the software. 

Dr Solomon’s product comprises 
several components. The version I tested 
ships on a handful of permanendy write- 
protected floppy disks, which include 
versions for DOS and NT and a special 
virus detecting boot disk called Magic 
Bullet. Dr Solomon’s also includes a CD- 
ROM to make installation a bit easier. 
Before installing the software, I rebooted 
the test system with Magic Bullet in the 
disk drive. Unbeknownst to Magic Bullet, 
I infected the system with a boot sector 
virus. When the system started, Magic 
Bullet immediately found the infection 
and cleaned it. 

To make sure everything’s on the up 
and up, Dr Solomon’s runs an immediate 
full system scan after installation, detecting 
and nuking the infected files I liberally 
sprinkled throughout my hard disks. Dr 
Solomon’s also caught the double-zipped 
files. Further testing revealed that Dr 
Solomon’s acts like, well, acid when it 
detects files that have been compressed 
multiple times. The scanner eats and eats 
through the layers of compression until it 
gets to the real files. 

More impressive. Dr Solomon’s comes 
with several manuals that are more akin to 
books than instruction pamphlets. A very 


useful guide to evaluating antivirus soft¬ 
ware shows you the most important attrib¬ 
utes to look for when you’re trying to find 
the right solution for your systems. 
Surprisingly, this guide lacks traces of bias. 
The words Dr Solomon never appear in the 
book. A massive (about 400-page) virus 
encyclopedia that includes information 
about most known viruses completes the 
package. 

When you load Dr Solomon’s, you’ll 
notice that the interface has been stream¬ 
lined (which is impressive because the 
interface in older releases was clean 
already). To launch scans, you select the 
drives in the Drives dialogue box and click 
Find (to detect viruses only) or Repair (to 
clean infected files), as Screen 3 shows. 

Dr Solomon’s WinGuard scanner 
handles realtime virus scanning. WinGuard 
runs quietly in the background until an 
infected file is executed. WinGuard then 
automatically repairs the file, making 
WinGuard an ideal program for server 
computers that run (usually without user 
intervention) 24 hours a day. 

The new version of Dr Solomon’s 
includes and uses a heuristics scanning 
engine to detect unknown viruses. By 
using a heuristics-based engine, Dr 
Solomon’s can look for suspicious strings 
in files to make the detection process more 
comprehensive. 

Dr Solomon’s scanning services are 
excellent. In a few minutes, the program 
worked its way through my infected files, 
identifying each one and eradicating them. 
Not even double-zipped files made it past 
the good doctor. 

As far as notification options go, well, in 
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Dr Solomon’s they are close to nonexis¬ 
tent. You can have the program report 
whatever it finds to a text file or a printer, 
but nothing more. If you’re using Dr 
Solomon’s as a virus scanner for a stand¬ 
alone workstation, this level of reporting 
might be adequate, but it’s clearly not 
enough if you plan to have the software 
scan multiple machines across a network. 

Dr Solomon’s scheduling services, in 
contrast, are both excellent and flexible. 
The internal scheduler supports interval 
scanning, rather than just daily or weekly 
scanning. You can set up the scheduler to 
do full system scans when your system is 
idle. For example, if you leave the office 
for lunch at noon every day, you can have 
the program perform a scan from 12:00 
pm to 1:00 pm, then again at 5:00 pm 
when you call it a day. The scheduler also 
supports external applications, so you can 
use it as a more elegant AT command 
(NT’s internal and slightly convoluted 
scheduling service). 

Unfortunately, Dr Solomon’s handles 
virus definition updates poorly. Each box 
of Dr Solomon’s Anti-Virus includes quar¬ 
terly virus definition updates that are sent 
out on floppies.You can also retrieve these 
updates from Dr Solomon’s Web site, but 
you must install them manually. With new 
viruses appearing almost on a weekly basis, 
issuing updates four times a year makes 
very little sense, especially when compared 
with other products that update monthly 
or even weekly. 

Dr Solomon’s Anti-Virus Toolkit is 
a first-rate virus scanner that keeps going 
and going and going. However, the quar¬ 
terly update plan makes very little sense to 
me. Other virus scanners in this review 
perform just as well as Dr Solomon’s and 
offer more frequent undates 


VirusScan for Windows NT 3.02 

Although early versions of McAfee’s 
VirusScan for Windows NT lacked essen¬ 
tial features and were rough in their execu¬ 
tion, many of the nagging shortcomings I 
encountered in last year’s version have 
been cleaned up in version 3.02. 

VirusScan ships on CD-ROM and 
floppies, but because 3.02 was brand new, I 
opted to download the code from 
McAfee’s FTP server (at press time, the files 
were stored at ftp://ftp.mcafee.com/ 
pub/antivirus/winnt/vscannt). Once I 
downloaded and unzipped the 3MB file, I 
executed setup.exe and specified an instal¬ 
lation directory to install the software. 
Because I already had a previous version of 
VirusScan installed, Setup offered to 
upgrade the existing files (actually, it 
removed them). Note, though, that you 
must use an account with Administrator 
privileges to install VirusScan if you intend 
to scan network drives. Unfortunately, the 
documentation with the retail package is 
skimpy. Aside from installation instructions, 
most of the good stuff is available electron¬ 
ically in a Help file. 

VirusScan 3.02’s user interface, shown 
in Screen 4, is nearly identical to that of 
version 2.5. Wrapped around the scanning 
engine is an intuitive console from which 
you can set up tasks, update virus defini¬ 
tions, and view the virus list. 

Running a scan is a bit trickier than 
you would expect. You don’t simply click 
on a drive and let the virus scanner work 
its magic. VirusScan requires you to create 
scan tasks, which are predefined jobs that 
let VirusScan know which drives to scan. 
Although this approach might sound 
cumbersome, the execution is more flexi¬ 
ble than the conventional method. For 
PYarrmle I cet nn one task to scan all local 


drives, another to scan network resources, 
another to scan my download directory, 
and one to scan my incoming email direc¬ 
tory, each task executing independently of 
one another. You can have VirusScan plow 
through your local hard disks and network 
hard disks once a week to keep CPU and 
bandwidth usage to a minimum. The two 
most active directories on my system are 
my download and email directories - on a 
slow day, I pull in roughly 100 files - so I 
have VirusScan check for viruses in those 
two repositories once an hour. 

In addition to the ability to schedule 
scans to run during off-peak hours, you 
can adjust the amount of priority the scan 
process receives. Those who use IDE hard 
disks will appreciate this feature because it 
prevents VirusScan from draining all avail¬ 
able CPU resources. On a typical SCSI- 
based system, Task Manager reported 60 
per cent CPU usage with high priority, 50 
per cent usage with medium priority, and 
35 per cent usage with low priority. On 
EIDE hard disks, the CPU usage jumped 
up to 95 per cent for high priority, 76 per 
cent for medium priority, and 45 per cent 
for low priority. 

VirusScan for NT doesn’t have many 
downsides. The only problem I have with 
the program is that it fails to take advantage 
of the Win32 APIs multithreading archi¬ 
tecture, limiting its scanning engine to 
working on one drive at a time. With SCSI 
hard disks becoming more and more 
common in new systems, I’d like virus 
scanners to tackle multiple disks concur¬ 
rently. To be fair, I must say that every prod¬ 
uct covered in this roundup works off of a 
single-threaded scanning engine. 

VirusScan’s notification options leave 
something to be desired. Most common 
notification methods, such as email, 
printer, or pager alerts, are conspicuously 
absent. In fact, the only option that some¬ 
what resembles a notification feature is 
VirusScan’s Prompt on Detection option. 
If you set the scanning engine’s behaviour 
to prompt only, VirusScan emits a (rather 
obnoxious) alert and a customisable 
message when it detects a virus. 

In practice.VirusScan’s detection rate is 
top-notch. In about 10 minutes, VirusScan 













plowed through 2GB of files and detected 
and cleaned infected Word documents, 
Excel documents, boot sector viruses, and 
polymorphic pests. The final score was 
VirusScan 40, viruses 0. McAfee claims 
thatVirusScan has a 100 per cent detection 
rate, but seeing the result was still surpris¬ 
ing. So I threw 10 double-zipped infected 
files at VirusScan. It found all 10 viruses, 
but it couldn’t clean them while they were 
in zipped format. VirusScan also logs all 
activity in a plain text file, making viewing 
the results of the last scan easy. 

VirusScan’s high detection rate comes 
from its Hunter engine. The Hunter 
engine is a heuristics-based detection 
engine that focuses mostly on polymor¬ 
phic and Office viruses. This feature is 
important because polymorphic viruses 
have a nasty tendency to change forms to 
avoid detection, as their name implies. And 
Office viruses are becoming more and 
more prevalent as virus authors dabble in 
Visual Basic for Applications (VBA), Visual 
Basic (VB), and other macro languages to 
create malignant applets that target Office 
applications exclusively. 

Additionally, VirusScan’s realtime scan¬ 
ning module sits quietly in the background, 
monitoring all disk I/O activity. Just for 
fun, I ran an executable infected with the 
Jerusalem virus. VirusScan immediately 
trapped the virus and displayed a notifica¬ 
tion message. I was also pleasantly surprised 
to see that the realtime scanner didn’t nega¬ 
tively affect system performance. 

VirusScan’s AutoUpdate module lets 
you easily retrieve new virus definitions if 
your computer is connected to the 
Internet. AutoUpdate is a shell script that 
connects to McAfee’s FTP server to 
compare file dates between the definitions 
on your hard disk and the ones on the 
server. If the file dates on the server are 
later than the ones on your hard disk, the 
script downloads an update module and 
installs it seamlessly. If you have a perma¬ 
nent Internet connection, you can even 
schedule AutoUpdate to retrieve updates 
automatically at preset intervals. 

You can access McAfee’s technical 
support department via a messaging forum 
on their Web page and by calling a toll 




■ Screen 5: 

Viewing the 

Norton AntiVirus 

user interface 


number. Users with a maintenance agree¬ 
ment (which is available at an additional 
cost) have access to a toll-free number. 
Ideally, McAfee needs a toll-free number 
for all customers, but the technical support 
staff seems to be competent, and they 
usually resolve problems in minutes. 

McAfee has improved VirusScan 
enough to give it the edge over competing 
Workstation virus scanners, giving it a 
permanent spot on my desktop. With its 
flexible scanning options and high virus 
detection rate, VirusScan is excellent insur¬ 
ance for any connected PC. For an addi¬ 
tional $95, the company offers main- 
tainence support for one year, free quar¬ 
terly disk updates for one year. 

Norton AntiVirus 4.0 

Symantec has just released a new version of 
this popular virus scanner for NT in time 
for this year’s roundup. Norton AntiVirus 
Version 4.0 is a bit older and a lot wiser, but 
the lack of new features is disappointing. 

Norton AntiVirus ships on a CD- 
ROM loaded with InstallShield. The soft¬ 
ware comes with a 30+ page manual filled 
with installation and execution instruc¬ 
tions, in contrast to the almost encyclope¬ 
dic manuals that come with Dr Solomon’s. 
Like the other programs in this roundup, 
Norton AntiVirus installs as a service and 
an application. Unlike the other programs, 
however, it lets you install it as a plugin for 
Netscape Navigator (Norton AntiVirus 
doesn’t support Internet Explorer’s 
ActiveX extension model). This feature is 
handy in fight of the growing popularity 
of the Web as a software delivery vehicle. 
The program requires a reboot when you 


complete installation, so make sure your 
data is saved and safe before you install 
the software. 

On the surface, Norton AntiVirus 4.0 
looks and feels like its previous version.You 
select which drives to scan by marking 
their respective check boxes and clicking 
the Scan Now button. As Screen 5 shows, 
Norton AntiVirus includes three check¬ 
boxes to scan all floppy drives, local drives, 
and network drives, making systemwide 
scans a bit easier to perform. Tabbed 
dialogue boxes categorise the comprehen¬ 
sive options list, so you can easily get to 
what you’re looking for without wading 
through a sea of menus. 

Unfortunately, Norton AntiVirus 
doesn’t support the task-based scanning 
method available in other virus scanners. 
Although you can specify certain files and 
directories to include in the scan list, the 
program doesn’t save them, making creat¬ 
ing customised scan tasks difficult. For 
example, both VirusScan and F-PROT let 
me create tasks to scan through my down¬ 
load and email directories daily. 
Performing the same customised scan with 
Norton AntiVirus requires manually scan¬ 
ning each directory. 

The scanning interface is straightfor¬ 
ward. A progress indicator shows which file 
the program is currently looking at, the 
number of boot records and files scanned 
so far, and the number of viruses cleaned 
and detected. Norton AntiVirus had no 
problem detecting 100 per cent of the 
viruses left in dropper (.exe and .com) 
format, but it choked on the viruses that 
had been zipped twice. Apparently, Norton 
AntiVirus checks archived files (including 
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The new Intel EtherExpress™ PRO/100+ 
PCI Adapter helps your network keep 
pace with your PCs. 

It’s time to stop wringing your 
network cable in frustration. Because 
the new Intel EtherExpress™ PRO/IOO+ 
PCI Adapter can squeeze the extra 
performance you need from your network. 

The PRO/100+ will help you create 
a faster, simpler and smarter network. 


results show that the PRO/100+ achieves 
this balance very successfully. It transmits 
the laige volumes of traffic generated by high 
performance PCs faster and more efficiently. 
Leaving the CPU’s to concentrate on 
software application tasks instead of 
network communications. So you benefit 
from the optimal capabilities of your PCs, 
while at the same time reducing traffic 
bottlenecks and improving productivity. 


Another innovative feature is Adapter 
Fault Tolerance software, which helps 
ensure continual network connectivity 
through a secondary back-up adapter. Any 
port failure will cause the second adapter to 
automatically take over and start transmitting 
packets with no loss of data or connections. 
Plus, like all Intel EtherExpress adapters, 
it can run at either 10Mbps or 100Mbps, 
automatically adjusting to the speed of the 


queeze even more from your network 


A network capable of optimising the 
increases in productivity, creativity and 
communication offered by today’s high 
performance PCs (such as those based on 
Intel’s Pentium® II processor). Because it’s 
no use having a Ferrari as a PC, if your 
network keeps giving it the red light. 



Whatever your NOS, this NIC automatically 
adapts for peak network performance 

Up to 30% gain in performance 

Just how much more can the 
PRO/100+ help squeeze from your 
network? Well, studies undertaken by the 
leading independent testing laboratory - 
LANQuesf, show that it outperforms its 
major competition by up to 32%. 

The Performance/Efficiency Index ratio 
they used, measured each adapters 
ability to sustain high throughput, while 
maintaining minimal CPU utilisation. The 


The first fully integrated 
single chip adapter 

It’s the innovative, breakthrough 
features of the EtherExpress PRO/100+ 
PCI adapter that help it deliver such 
outstanding performance. For a start, the 
PRO/100+ is the first, fully-integrated 
single chip adapter on the market. Based on 
breakthrough 82558 silicon technology, it 
integrates four adapter functions into a 
single chip design to deliver increased 
performance, through higher reliability and 
advanced functionality. 

Adaptive technology 

The adaptive technology built into 
the PRO/100+ further optimises per¬ 
formance. It helps ensure the right balance 
of high throughput and low CPU utilisation 
through a powerful Collision Reduction 
feature, which intelligently monitors 
network traffic and tunes itself for best 
performance. And unique to Intel adapters, 
it can also dynamically upgrade the silicon 
microcode. So you can easily take 
advantage of Intel’s advancements in 
silicon design and performance technology 
without costly hardware upgrades — 
ensuring continued peak performance. 


network. This allows you to migrate 
gradually to 100Mbps without changing 
the configuration or updating the drivers. 

Intel’s end to end range of 
Fast Ethernet solutions 

Intel’s range of hubs, server adapters, 
routers, switches and print servers are all 
part of our commitment to increase network 
performance and response time. So you can 
make the most of the growing power of your 
PCs and build a faster, simpler network. 


Respond now and give yourself 
30% better performance at 60% off 

The first 100 people to fax the number 
below, can purchase the new Intel 
EtherExpress™ PRO/100+ PCI Adapter 
for just $100 (normal price $250). That’s 
a mammoth saving of over 60%. A small 
price to pay for an adapter that can give 
your network such a big boost in 
performance. For more details fax us 
your business card on 1800 685 568 or 
visit us at the Intel web site below. 


NEfWSfc 


www.intel.com/apac/eng/network/au/fe 
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.pkzip, .lzh, .arj, and .rar), but it won’t look 
at archived files within archived files. Keep 
this point in mind if you double-zip files. 

The most important new feature in 
Norton AntiVirus 4.0 is the BloodHound 
heuristics scanning engine. Like McAfees 
Hunter engine, BloodHound focuses on 
polymorphic viruses. Unlike Hunter, 
BloodHound has three preset sensitivity 
levels, letting you choose the level of 
aggression it uses to weed out viruses in 
those hard-to-reach spots. BloodHound is 
every bit as effective as Hunter, detecting 
the 40 infected files that were not zipped 
twice.The program cleaned each file to my 
satisfaction. 

To provide scheduling functions, 
Symantec includes a copy of the Norton 
Program Scheduler with Norton Anti- 
Virus. Norton Program Scheduler is a full¬ 
blown task scheduler, supporting most 
programs that you might want to schedule. 
This program scheduler is much more 
intuitive than NT’s internal AT command. 
By default, the scheduler includes four 
event types: Display message, Run 
program, Scan for Viruses, and Run 
LiveUpdate. Scan for Viruses and Run 
LiveUpdate are self-explanatory; they are 
triggers for Norton AntiVirus. Display 
message, however, acts as a poor man’s 
appointment manager. When you enter a 
message and set a time and date, Norton 
Program Scheduler displays a dialogue box 
to remind you of appointments. Run 
program lets you create tasks to run at 
specified intervals. I used this tool to initi¬ 
ate weekly automatic backups of my data 
hard disk to CD-ROM. 

The logging functions in Norton Anti- 
Virus are first-rate. Activity logs are stored 
as text files that you view using Symantec’s 
log viewer. The log viewer includes filter¬ 
ing features to separate the superfluous 
information from the essential. 

The notification options in Norton 
AntiVirus are passable, but not much more 
than that. When the program detects a 
virus, it displays an onscreen message, 
sounds an alert, and forwards the alert to 
active Norton AntiVirus NetWare loadable 
modules (NLMs) on NetWare servers. I 
would like to see a pager and email notifi- 



Virus definition updates are available 
through Symantec’s proprietaryLiveUpdate 
tool, which requires a modem. If you have 
an active Internet account, you can send 
LiveUpdate to fetch updated definitions 
from Symantec’s FTP site. If your 
computer is not connected to the Internet, 
LiveUpdate will call Symantec’s toll-free 
BBS and download the updates. The 
company handles technical support, 
however, on CompuServe or via a toll tele¬ 
phone number. My experience with 
Symantec’s technical support department 
was favourable. They answered my ques¬ 
tions prompdy even when I was in the 
guise of a bumbling first-time customer. 

Norton AntiVirus 4.0 does not have 
many new features, but it’s still a good, solid 
virus scanner. Unless you keep ZIP files 
within ZIP files, investigate Norton 
AntiVirus as a possible virus scanner. Its 
clean interface and advanced features make 
it a great fit for any system. 

PC-cillin NT 1.0 

Touchstone Software’s PC-cillin has been 
a popular Windows 3.1 and Windows 95 
product for the past few years, winning 
multiple awards. With the help of Trend 
Micro,TouchStone has developed a version 
of PC-cillin for NT. PC-cillin NT ships 
with support for Win95 and NT on one 
CD-ROM. Unlike many other virus scan¬ 
ners, the wizard-based installation program 
performs a full system scan before copying 
its files to the hard disk. A full installation, 
consisting of the virus scanner and the real¬ 
time scanners, takes about 13MB of disk 
space. Other vendors take note: PC-cillin 


Repair Disk after installation. 

PC-cillin has the best interface of the 
products I tested for this review. Although 
aesthetics might not be as important 
virus scanning as it is in other genres, PC- 
cillin’s tabbed interface, shown in Screen 6, 
makes getting up to speed with the 
program simple. 

PC-cillin’s scanning engine detected all 
the zipped and unzipped viruses, but it 
stumbled on the double-zipped files. To be 
fair, double-zipping isn’t common, but 
scanner’s ability to handle such files makes 
me sleep better at night. Heuristics support 
is missing from the scanning engine, plac¬ 
ing PC-cillin a step behind those programs 
that provide that support. I hope future 
versions of PC-cillin will include a heuris¬ 
tics-based scanning engine. Anything the 
program detected, it cleaned immediately. 

PC-cillin’s scheduling service is rudi¬ 
mentary but adequate. Although you can’t 
set the virus scanner to kick in at prespec¬ 
ified intervals (such as multiple times per 
day or during idle times), you can have the 
program execute daily, weekly, or monthly. 

Smart Monitor, PC-cillin’s realtime 
virus scanner, is excellent and provides a 
high level of customisability. For example, 
from the Custom Monitor dialogue box, 
you can set the type of events you want the 
scanner to trigger itself on, the type of files 
to scan (including UUENCODED files), 
and the type of extensions to scan for. With 
this ability, you can easily retrofit PC-cillin 
for your working environment. Smart 
Monitor also logs all detected viruses, 
which is handy if you leave your PC unat¬ 
tended on occasion. 
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One of the most innovative features in 
PC-cillin is its integration with Netscape 
to provide online support. But rather than 
providing a link from the application 
proper to Netscape Navigator, or adding a 
bookmark to the browser, PC-cillin 
includes a copy of Navigator within the 
software program. This integration with a 
Web browser makes downloading patches 
and receiving the latest virus alerts easy. 

PC-cillin does most of the work of 
retrieving and installing updates behind the 
scenes, so you don’t need to worry about 
downloading the updates and installing 
them. TouchStone Software offers three 
methods of retrieving updates: from its 
toll-free BBS, from its Web site, and from a 
floppy. Installing the updates is as easy as 
clicking on the appropriate button. 
Unfortunately, you can’t schedule auto¬ 
matic updates, so you’ll have to retrieve 
updates manually. 

Finally, TouchStone Software offers 
electronic technical support. When you 


encounter a problem, you can fill out an 
electronic template that is sent directly to 
the developers. Turnaround time is esti¬ 
mated to be fewer than 48 hours. Although 
this solution is less elegant than traditional 
telephone-based tech support, it’s better 
than posting a message on an open forum. 

Overall, PC-cillin is a good, solid virus 
scanner with some innovative features that 
the antivirus field has never seen before. 
The lack of a heuristics-based engine is a 
problem if you anticipate encountering 
macro viruses. This oversight aside, PC- 
cillin NT has a lot about it to like. 

Editor's Choice 

Surprisingly enough, I didn’t find a bad 
apple in the bunch. I would gladly install 
and use any of the virus scanners I tested in 
this review. However, only two programs 
excelled enough to get my vote for Editor’s 
Choice: McAfee’s VirusScan and 

Symantec’s Norton AntiVirus. 

With their excellent detection rates, 


user interface, and automatic update 
features, McAfee VirusScan and Norton 
AntiVirus passed my acid tests with flying 
colours. Additionally, both VirusScan and 
Norton AntiVirus had the edge over their 
competitors because of their heuristic- 
based scanning engines. By employing 
heuristics technology, Symantec and 
McAfee have some additional insurance for 
the future. 

The only feature keeping InocuLAN 
out of the Editor’s Choice race is the lack 
of heuristics scanning in the version of the 
software that I tested. InocuLAN’s superior 
notification features stood head and shoul¬ 
ders above both McAfee VirusScan and 
Norton AntiVirus, and you can’t beat the 
price. With the inclusion of a heuristics- 
based scanning engine, InocuLAN will 
definitely be a contender. Dr Solomon’s 
Anti-Virus also fared well in testing, but 
the quarterly update plan and relatively 
high price took it out of the running. 

- Jonathan Chau 



ImageCast 

The fastest way to 
set up and configure PC’s 
across a network 

SAVE TIME SAVE RESOURCES SAVE MONEY 


Operating under WIN 95*, NTFS*, FAT32*, 0SR2* (WIN95*), and 
UNIX*, ImageCast* represents a Technicians or IT Manager's dream 
come true. Its graphical user interface makes it the easiest and fastest 
way to duplicate and distribute images across the network. After the 
image is transferred the target system contains a perfect clone of the 
original image. This means you can set up a room full of new computer 
systems complete with the same operating system and applications in 
just minutes! 


Client Application 

• Create and copy images to networks 

• Image file compression with user configurable compression ratios 

• In-process image duplicatioon statistics are displayed 

• Supports a wide range of )/S and partitioning 

• Creates complex back-ups of discs including copying of in-use system 
files which are used by other back-up utilities 

• Removable media support 

• Client IP adress configuration 
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For other product details, 
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HiNote Ultra 2000 


Digital 


A truly portable desktop alternative 


High-end notebooks are rapidly reaching their physical 
limits, at least as far as comfort is concerned. No longer 
do you have to put up with seven inch screens, or minia¬ 
ture keyboards that cramp your style. Digital’s HiNote 
Ultra 2000 is an example of this. 

Providing a 14.1 inch active matrix (TFT) screen, the 
Ultra 2000 is marketed by Digital as a desktop replace¬ 
ment that’s targeted exclusively at the high-end. Then 
again, it would have to be with a price tag of $12,500. 
So what do you get for this? 

Well apart from the desktop-sized screen 
and keyboard, you also get a 166MHz 
Pentium MMX processor, 32MB of EDO 
(Extended Data Out) RAM and a 2.1GB 
hard drive, as well as a Lithium Ion battery 
and built in 33.6Kbps modem. 

Unlike previous Ultra models, the 2000 
also has a built in smart bay that accepts 
either a floppy drive or CD ROM module. 

This makes travelling with it somewhat eas¬ 
ier than before, as the previous models 
had a solid CD ROM base that 
attached to the bottom, or a small¬ 
er, angled floppy drive base that 
made the keyboard tilt when 
seated upon it. 

Unfortunately I found 
myself missing this floppy base, 

Ultra 2000 has no stands, nor a pop up keyboard, 
ing that it isn’t an ergonomic dream to type on. While it 
does have a large palm rest and an easy to use trackpad, it 
suffers another problem in that the trackpad’s buttons are 
too close together, making them difficult to use. 

However, this discomfort is somewhat compensated 
by the clarity of the screen, which is capable of displaying 
a resolution of up to 1024 x 768 and a 24 bit colour 
scheme. For multimedia freaks a 20X CD ROM module 
is also provided. 

As with previous HiNote Ultras, the notebook’s prize 
feature is its slimness, with a width of just 37 mm. Its 
weight is also predictably low at 2.5 kg, while another 
feature that aids portability is its lightweight AC adapter 
which is half the size of most others. 

Performance wise the notebook posted good scores 
on our benchmark tests, which was no doubt helped by 
the 512K of secondary cache. However, it isn’t the fastest 



notebook around, especially when compared to the 
233MHz high-end notebooks that are now becoming 
available. Still, if you need something for mobile word 
processing then this would be more than adequate. 

As with most high-end notebooks the Ultra has a 
Lithium Ion battery, which offers more battery life than 
the cheaper Nickel Metal Hydride ones. In our tests, the 
Ultra’s battery lasted for almost 3 hours of continuous 
use, which is good for a notebook that has such a large - 
and potentially power draining - screen. 

However, in travelling 
with it I found another prob¬ 
lem with the battery, namely 
that for some bizarre reason it 
seemed to automatically dis¬ 
connect itself even though it 
was firmly in place. While I 
found a solution after a while 
- namely hitting it forcefully - 
it didn’t exactly fill me with 
confidence. 

Last but not least, a separate 
Multimedia Dock and Port 
Replicator is available for the 
notebook. 

The Multimedia Dock provides a 
three speaker 3D audio system 
(which essentially means that it has 
surround sound), Universal Serial Bus 
(USB) ports, connectivity to a television 
and lock-down security. Weighing in at less than 1kg and 
a thickness under 20mm, it’s priced at $1530. 

The Port Replicator is somewhat cheaper with a price 
of $280. As with the Multimedia Dock it supports hot 
docking, an AC port and a battery charger. 

Overall, the Ultra 2000 is a good performer which, 
apart from a flat typing surface, acts as a good desktop 
replacement. If mobility is more important to you than 
pure processing grunt, then this is certainly worth a look 
— provided you have the cash. 

- Dan Kaufman 


r] $12,500 


I CONTACT: I Digital: 02 9561 5252 

http://www.digital.com.au 
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MANAGEMENT 

Win the Information Technology war with our range 
of quality network management products... 



Software Meter IT 



CentaMeter monitors application software 
use and allows you to determine the optimum 
number of licenses required to minimise your 
software costs and also ensure you have 
adequate licenses to avoid prosecution for us¬ 
ing illegal software — either way CentaMeter will 
save you time and money in managing your 
software. 

If you have enterprise license agreements in 
place with the big name suppliers - you still need 
to be able to prove in an audit how many copies 
are actually used in your organisation - you still 
need CentaMeter. 

You cannot plan your licensing decisions un¬ 
less you are measuring the way applications are 
being used. 

• Avoid possible litigation by the Business Soft¬ 
ware Association of Australia (BSAA) and in¬ 
dividual software vendors 

• Comprehensive reporting facilities allow you 
to view daily localised or periodic enterprise 
license utilisation 

• Licenses can be allocated by computer name, 
user name or work-group name 

• Inactive reminder encourages users to close 
down unused applications left open on the 
desktop 

• Optimises between stand-alone licenses and 
suite licenses to ensure the least expensive 
application license is in use 

• Departmental costing for application usage on 
a per access, time usage or combination us¬ 
age basis 

• Queuing allows users to request the next avail¬ 
able license for an application 

• Control extracurricular computing such as 
games and excessive web browsing 

• Optional integration with Microsoft SMS 

• Supports all network types 

• Agents for DOS, Windows 3.x, Windows 95 
and Windows NT clients 


Visit www.pixel.com.au 


Quota Server for Windows NT allows you, 
from within your File Manager or Explorer, to set 
disk space quotas on files and directories on your 
server and define a variety of actions that shall 
occur when certain threshold levels are ex¬ 
ceeded. 

Quota Server comes with a powerful graphi¬ 
cal monitoring facility that lets you, on-line and 
in real-time, overview your current disk situation 
using equaliser-like graphics to give you an im¬ 
mediate view of how much disk space has been 
utilised by your users. 

Customised views allow you to monitor any 
combination of disk object quotas in the man¬ 
ner that suits your needs. 

Quota Server will free your time from disk 
maintenance tasks and make users responsible 
for their own disk space. 

• Multiple servers can be configured and moni¬ 
tored from any Windows NT system 

• Three levels of threshold notification based 
on percentage of disk quota can popup or e- 
mail the user, administrator, run a batch job 
or activate pagers etc. 

• Disk objects can be locked/unlocked on an 
ad-hoc basis 

• Completely real-time event based, Quota 
Server is called upon only when a disk object 
is altered and does not impact server re¬ 
sources 

• Monitor presents disk space use in graphic- 
equaliser form, and has symbols for all locked 
objects 

• Sort objects according to quota size, current 
size, locked objects etc. or double click an 
object to alter its settings 

• Includes report generation and export of quota 
information for accounting systems 

• Batch operations for setting thousands of quo¬ 
tas with a single command 


NetSupport Manager provides Help Desk staff 
with on the spot support to end users across the 
building or across the world. 

What sets NetSupport Manager apart from the 
competition is its speed and security, with over 
a dozen security features including multiple lev¬ 
els of password protection and encryption en¬ 
suring that no one will be able to illegally moni¬ 
tor a client screen making secure remote con¬ 
trol even over the Internet now possible. 

Help Desk staff can immediately see what the 
problem is in real time and focus on resolving 
the issues rather than trying to understand the 
problem whilst the user attempts to describe it 
to them. 

The result is faster problem resolution, a more 
effective support desk, ultimately reducing sup¬ 
port costs and improving client satisfaction. 

• Watch, Share or Control the screen, keyboard 
and mouse of any machine on your LAN or 
WAN or stand-alones via dial-up, ISDN or di¬ 
rect serial link. 

• Multiple simultaneous connections using any 
combination of TCP/IR IPX/SPX, NetBios or 
NetBeui. 

• Display the Control’s screen on individual or 
multiple Clients making it the ideal training tool 
for the network environment. 

• Dynamically find and list all Clients on the net¬ 
work and connect by Client Name; Network 
Address; database of known Clients or con¬ 
nect to entire groups in a single step. 

• Remote reboot and login for Windows NT. 

• Broadcast a Control’s screen to multiple cli¬ 
ents as an effective training tool 

• All video modes supported to 16.7 million 
colours 


for details on our full product range and 
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LapLink for Window NL 7.5 


Traveling Software 


More than just a file transfer program 

Moving files from one system to another is an arduous 
chore. If you use a desktop system at work and a laptop 
system on the road, synchronising the two machines is 
difficult. Traveling Software’s LapLink for Windows NT, 
7.5 has a solution. 

More than just a mere file transfer program, LapLink 
offers numerous advanced features including file transfer 
over network connections and remote control of remote 
computer systems. 

The LapLink NT installation automatically starts a 
remote control service on system startup. This service is 
the reason you need to reboot after installation. 
Rebooting activates TSI Remote Control, which lets 
remote administrators connect to your machine at any 
time (even before you log on) to perform maintenance 
or invoke file transfers. 

During installation under NT, LapLink also installs the 
LapLink Scheduler into your Startup program group. 
This utility will automatically perform file transfers as 
unattended background operations. For example, the 
Scheduler can download or upload a new data file at 
3:00 a.m., without interrupting your sleep. 

An annoying aspect of the installation is that it assigns 
a machine name to the system. This is the name that 
appears in a list of available hosts when you establish a 
connection to a LapLink system. By default, the installa¬ 
tion program automatically selects the name of the per¬ 
son who is logged on to the machine. 

I log on as “mdeignan.”The install program selects this 
username rather than selecting the NT Server or NT 
Workstation machine name. In a large environment 
where several people share a machine or a user moves 
among several machines, usernames are not very useful. 
For example, if I install LapLink on several machines, 
each ends up with the same name. This situation can be 
a problem when someone tries to figure out which 
machine named mdeignan to connect to remotely. 
Luckily, you can type over the default name with the 
machine name. 

LapLink supports remote control capabilities, auto¬ 
matic synchronisation, and machine-to-machine chat. A 
single application integrates all of these functions. 

Launching the application brings up a blank window 
with a menu bar and toolbar. The toolbar buttons repre¬ 
sent several different methods to connect to remote sys¬ 
tems. For instance, you can use Dial-Up Networking 
(DUN) to connect over the Internet, or you can connect 



■ SCREEN 1: 

Launching a remote control session 

over a parallel or serial port. If you have a LAN running 
IPX orTCP/IP, you can use your LAN link.You can also 
connect over a wireless network connection.You control 
the available options by going into Port Setup, which lets 
you enable a topology that doesn’t activate by default. 

Configuring security is an important step to complete 
when you launch the application. By default, the soft¬ 
ware installs as a private system. Nobody will be able to 
connect to your machine, but you can connect to remote 
systems (as with an outbound-only option, which lets 
you originate connections to remote systems, but pro¬ 
hibits other people from connecting to your machine). If 
this option suits your needs, don’t make any changes. 
Alternatively, you can make your system protected by 
giving LapLink a series of usernames and passwords 
(totally separate from NT’s usernames) that you can use 
to access specific resources. You can also make your sys¬ 
tem public and let anyone access it. Remember that 
when accessing an NT machine, you still have NT secu¬ 
rity to protect the system even while permitting access 
to multiple LapLink users. 

When you connect to a remote system, you specify the 
type of connection, either file transfer, remote access, or 
chat. The file transfer window displays two panels: one 
represents your local system, and the other represents the 
connected remote system. You can move files between 
the two systems (or panels) by clicking on the files you 
want to move and dragging them to their destination. 

A LapLink feature related to file transfer is the 
Xchange Agent. This feature lets you automatically syn¬ 
chronise folders between two machines. A wizard guides 
you through the configuration process. It guides you in 
selecting folders and taking the right steps when a file 
already exists or has multiple versions. After the wizard 
finishes, you can begin the process immediately, or you 
can schedule the process through the Scheduler. 

LapLink’s remote control feature is useful, especially 
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for NT Servers located some distance away. Launching a 
remote control session opens a window echoing the 
remote systems screen on your screen, as Screen 1, 
shows. After the session opens, you can move around the 
window, click on icons, launch programs, or use the Start 
menu. Anything you need to do locally on the machine, 
LapLink accomplishes remotely. The remote system mir¬ 
rors all actions, so a user present at the remote machine 
can follow your actions. 

LapLink s remote chat utility lets you have a keyboard 
exchange with a remote user. Help desks can use this fea¬ 
ture to show remote users the steps for completing tasks 
on their own. 

Several other features of LapLink are noteworthy. The 
program offers complete compatibility with Win95 and 
Windows 3.1 .You can interact between any combination 
of machines. If you use long filenames on your NT or 
Win95 machines, LapLink automatically manages the 
names if you connect to a Windows 3.1 machine and 
vice versa. If you route your connection over the 
Internet, LapLink offers full data encryption for all traf¬ 
fic. Furthermore, LapLink uses a form of adaptive com¬ 
pression based on your link connection speed to aug¬ 
ment its performance. 


A Handy Tool 

LapLink for Windows NT, 7.5 is a useful tool for trans¬ 
ferring files between systems. The remote control capa¬ 
bilities are extremely useful if you are an administrator 
and need to access a user’s remote system. Of course, 
other NT utilities that duplicate LapLink’s features are 
available. For instance, both the remote control and inte¬ 
grated chat features come with Microsoft’s Systems 
Management Server (SMS). So if you already use 
BackOffice, purchasing LapLink may not be worth the 
cost. However, LapLink performs remote control from a 
laptop over a Remote Access Service (RAS) connection, 
which you can’t do easily with SMS Administrator. 
Therefore, even in environments where alternative tools 
exist, you may still find a use for LapLink. 

- Michael P. Deignan 
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LVS 4500RAID Storage System 


Amdahl 


Store and retrieve data on multiple host platforms 

Amdahl means business with the LVS 4500 RAID 
Storage System. Designed to be the top of the line, this 
system comes with features such as support, perfor¬ 
mance, high availability, flexibility and flexible manage¬ 
ment abilities. 

When the going gets tough as numerous users access 
huge databases, the LVS 4500 RAID storage system gets 
going. The system’s hard disks connect to disk interface 
processors, which communicate over five internal buses 
to the Logical Storage Modules (LSMs). Each LSM has 
256MB of high-speed cache memory and can achieve 
throughput rates of up to 80Mbps. Other technologies 
that let the system effectively perform during critical 
times include differential SCSI-3 technology, fibre chan¬ 
nel connectivity, intelligent caching, and hardware RAID 
parity calculations. 

Amdahl designed the LVS 4500 not only for perfor¬ 
mance but also for protection. This storage system pro¬ 
tects your data, from the host system all the way to the 
hard disks. You can configure this system to use RAID 
levels 0,1, 3, 5, or 1+0 in any combination to store the 
data.You can even configure a global hot-spare hard disk 
to automatically replace a failed disk, letting you contin¬ 
ue operations without interruption. 

Amdahl has protection mechanisms for any contin¬ 
gency. To prevent data loss in a power failure, the LSMs 
have 72-hour battery backup. To prevent data loss in the 
event of an LSM component failure, each cache auto¬ 
matically mirrors to another cache on a 
different Availability Manager controller over a high¬ 
speed channel. In the event of a problem with a total 
LSM failure, including the cable to the host system, the 
LVS 4500 uses Amdahl’s LifeKeeper monitoring software 
to redirect the data I/O to another LSM. (Amdahl 
includes this software with the system.) All active com¬ 
ponents are redundant and hot swappable, so you can 
replace them without affecting operations. 

Upgradeable to Meet Changing Needs 

The LVS 4500 is an expandable system. Each LVS 4500 
enclosure can house up to 20 hard disks, including the 
latest 9.1GB Seagate hard disks, to give you 182GB of 
online storage. If you need more storage, you can add a 
Storage Expansion Module (SEM), which gives you 
room for 10 more disks and 273GB of online storage. If 
you have extremely large databases that must be online, 
you can hook up a maximum of three systems in a data 
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LVS 4500 RAID Storage System 

centre cabinet for a total of 90 online hard disks with 
819GB of storage. You can buy the LVS 4500 with as 
much as 256MB of cache memory per LSM, giving you 
up to 128MB of mirrored cache memory or the full 
256MB cache if you turn the mirroring off. Because 
Amdahl supports this system on multiple host platforms, 
you can even change platforms but keep your storage 
system. 

To increase LVS 4500’s performance, you can upgrade 
to solid-state disks. SSDs take the mechanical aspects of 
retrieving data out of the picture by using computer 
memory modules in place of a physical hard disk. Thus, 
they increase the data transfer rates from slow mechani¬ 
cal speeds to much faster electrical speeds. Although 
SSDs increase performance substantially, they are more 
expensive than hard disks. 

You can also upgrade the LSMs to support Fibre 
Channel technology. Currently, the system supports only 
point-to-point links. Amdahl will support arbitrated loop 
and fabric switch links in the near future. With Fibre 
Channel, the LVS 4500 can achieve data rates of 
200Mbps between the storage system and the host. 

The LVS 4500 comes with two flexible, easy-to-use 
management software packages: A+LVS and 
A+LVS/NetDirect. A+LVS lets you configure the stor¬ 
age system, check its status, and adjust recovery options. 


LIST PRICE^] $130,000 

"'contact: | Amdahl 02 9561 9999 

http://www.amdahl.com 

20 Seagate 9.1G8 Barracuda hard disks 
2 Availability Manager (SCSI) controllers 
each with 320MB of RAM 


SYSTEM 

CONFIGU¬ 
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A+LVS/NetDirect lets you configure the storage system 
from anywhere in your network. 

Check It Out 

The system I reviewed came with twenty 9.1GB Seagate 
hard disks and two Availability Manager controllers with 
320MB of memory per controller. Amdahl originally 
configured this system for use in a dual-system cluster. I 
reconfigured the LVS 4500 for use in a single-host system 
and used an Amdahl EnVista Server Model FS and two 
Adaptec 2944 Ultra SCSI controllers to test it. 

Installing the LVS 4500 was fairly easy. I encountered 
some initial installation problems, but I quickly resolved 
them by talking with Amdahl’s support personnel. I 
began by installing the two Adaptec controller cards, 
connecting the cards to the LVS 4500 with long SCSI 
differential cables, and turning the system on. I then 
booted the server and installed the A+LVS software, 
which installed a system driver, the Disk Array Monitor 
NT service, and the RAID Manager software. Once 
again, I had to reboot the system because I had installed 
a system driver and NT service. 

When the system came back up, I selected the config¬ 
uration option in RAID Manager and reconfigured the 


system the way I wanted it. I made one disk a hot-glob¬ 
al spare, selected the number of disks I wanted to use and 
set up a RAID 5 configuration. The system then auto¬ 
matically selected the best configuration for this setup. (If 
I wanted, I could have overridden this setup and manu¬ 
ally selected disks and buses.) Next, I used the NT Disk 
Administrator to partition and format the array. Finally, I 
installed SQL Server onto the array. 

The storage system worked as intended. The software is 
easy to use and gives you a lot of control over the system. 

Overall, this system and with the professionalism of 
Amdahl support personnel impressed me. If you need a 
disk subsystem that is fast, fault-tolerant, upgradeable, and 
easy to manage, the LVS 4500 is worth checking out. 
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pushing the pace for file sharing performance 


File Services 


the Windows NT Magazine Lab handed me this hot assignment: 
performance benchmarks for Microsoft Windows NT Server 4.0 and 
NetWare 4. 7. Why is this topic so hot? Because chances are really good 
at least one of two industry giants will not like the results. Undaunted by 
prospect of attracting the wrath of a major corporation, I gathered up my 
and headed to the Lab’s speedway. 
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network that simulates the workload of multiple users. (For* 
details about the Lab’s test environment, see the sidebar, 
“The Benchmarking Speedway,” page 49.) One server, run¬ 
ning either NT Server 4.0 or NetWare 4.1, tackled the 


workload of the client machines. Because I wanted to test 
file-sharing performance, I employed Bluecurve’s 
Dynameasure for File Services 1.5 as the workload engine. 
The combination of Dynameasure and the Lab’s test envi¬ 
ronment let me simulate workloads that users typically per¬ 
form and pinpoint potential bottlenecks to ensure that I 
stressed the server, not the network or clients. After a month 
of testing and reviewing reams of data, graphs, and tables, I 
determined a clear winner: the checkered flag goes to.. .NT 
Server 4.0! 


Preparing the Track 

I wrestled with several background issues going into these 
tests. My biggest concern was how to create a fair compara¬ 
tive evaluation. Different people often have different priori¬ 
ties when they evaluate a product. For example, when my 
wife and I decide to buy a new car, we define our needs and 
select criteria (e.g., price, speed, appearance, hauling capacity, 
headroom) to measure a car’s potential value. Even if we 
agree on the criteria, we don’t always agree on the impor¬ 
tance of each item; picking a clear, overall winner is difficult. 
Fortunately, we agree that one criterion outweighs all others: 
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performance. 

Performance is also a primary criterion 
that people use to evaluate file servers. 
Although other factors (price, support, 
compatibility, interoperability, etc.) matter, 
performance is of utmost concern. I based 
my evaluation and conclusion on only how 
well NT Server 4.0 and NetWare 4.1 per¬ 
formed in the Lab’s test environment 
under Dynameasure for File Services 1.5. If 
criteria other than performance are more 
important to you (e.g., your primary con¬ 
cern is to find a file server operating system 
that runs on a 386), you might come to a 
different conclusion. 

The Speedway Judges 

In the performance tests, I measured three 
main areas: throughput, average response 
time (ART), and motors per step (MPS). 
Throughput (measured in kilobytes per 
second—KBps) is the total number of 
bytes all the motors copy during the mea¬ 
surement phase of a step divided by the 
elapsed time of the measurement phase. 
Throughput measures system capacity. The 
type of transaction, the number of motors, 
and the hardware capacity of the system 
influence throughput. Higher throughput 
means greater system capacity. 

ART is the average time in seconds to 
complete a transaction during the mea¬ 
surement phase of each step. ART mea¬ 
sures the speed of the test system.The type 
of transaction, the number of motors, and 
the hardware capacity of the system also 
influence ART. Lower ART means the 
system is faster. 

The third measurement, MPS, is the 
number of motors that report results for 
each step of the test. MPS measures the 
total number of assigned motors in a step 
that complete the transaction. MPS is a 
direct measure of load on the system. 
Higher MPS means greater load. 

I approached the benchmarking 
process as if I were testing two unique rac¬ 
ing teams and pit crews. Each team (NT 
and NetWare) used the same physical track 
(the Lab’s network) and the same physical 
cars (clients and motors). Each team had 
equal time (about 16.5 minutes) to com¬ 
plete as many laps as possible (throughput). 

I tracked average lap times (ART) and the 



■ Screen 1: 

Viewing throughput 
and ART results for the 
warm-up tests 


■ Screen 2: 

Viewing throughput 
and MPS results for 
the warm-up tests 


number of cars that completed the race in 
a given time frame (MPS). 

Start Your Engines 

Establishing a test environment that could 
run both NT and NetWare was the first 
order of business. For the test server, I used 
a generic PC clone with the following 
hardware configuration: a 120MHz 
Pentium, 64MB of RAM, a master 2.1GB 
hard disk (EIDE), a slave 2.1GB hard disk 
(EIDE), and a Novell NE 2000 Socket EA 
network adapter. Software configuration 
included NetWare 4.1 with 10 license 
connections and NT 4.0 with Service Pack 
3 (SP3). I partitioned the slave 2.1GB hard 
disk into two equal areas—one for NTFS 
and the other for Novell’s file system. I 
added this test system to the Lab test envi¬ 
ronment to measure performance with the 
Dynameasure software. 

I chose six of the Lab’s clients, running 
NT Workstation 4.0, as my user testbed. I 
configured each client with eight or nine 


motors to simulate a total of 50 network 
users. NWLink IPX/SPX bound all client 
adapters. I performed some preliminary 
tests with both the Microsoft NetWare 
client/protocol software and the Novell- 
supplied NetWare client/protocol soft¬ 
ware. I used the same testing specifications 
I planned to use for the benchmark tests, 
and I saw no performance difference 
between the two client/protocol software 
products. Throughout the benchmark per¬ 
formance tests, I used the Microsoft 
client/protocol software. 

Time Trials 

I ran several initial Dynameasure tests just 
to warm up the track. At this point, I want¬ 
ed to identify any botdenecks that could 
affect the results. In particular, I wanted to 
eliminate the possibility that the client sys¬ 
tems or the network bandwidth could 
degrade performance. The warm-up tests 
ran the Dynameasure for File Services 
Copy All Bidirectional test configured for a 





































r The Benchmark Speedway 

The Windows NT Magazine Lab's test environment includes the following hardware and software: 

The Primary Domain Controller (PDC) is a Digital Prioris HX 5133DP, with 64MB of RAM, dual 
133MHz Pentiums, and a 1GB hard disk. Bluecurve Dynameasure's Control Client and Control Server 
agents reside on an IBM PC Server 704, with a quad 200MHz Pentium Pro configuration and 256MB 
of RAM, a 500MB hard disk, a 2GB hard disk, and an Adaptec (4-port) PCI adapter. The servers 
run Windows NT Server 4.0 with Service Pack 3 (SP3). A Cisco Systems Catalyst 5000 configured 
into four switches provides connectivity. A Sonic FastBridge 10/100 connects the Novell NE 2000 to 
one of the Cisco switches (lOBase-T to 100Base-TX). 

Thirty clients running NT Workstation 4.0 connect to four separate repeaters, which in turn 
connect to the Cisco. A Compaq Netelligent 11108 100Base-TX Class II repeater connects to six 
Compaq Deskpro 510 workstations. A Cogent S-1200 TX 100Base-TX Class II repeater connects to 
seven Digital Venturis FX 5133 workstations. Ten MicroSys (local vendor) workstations connect to 
another Cogent S-1200. A third Cogent S-1200 connects to two HP Vectra LV Series 4 
workstations and five DTK Computer workstations. All clients have at least a 100MHz Pentium 
and 32MB of RAM. 

The Lab uses Dynameasure Enterprise 1.5 from Bluecurve (http://www.bluecurve.com) to test 
SQL Server and file-sharing performance. Each physical workstation can run from 1 to 25 motors; 
thus, one system can generate the load of 25 clients. In testing enterprise-level technology, 

40 systems generate a real-world workload of 1000 network users. This capability provides a realistic 
enterprise test environment and quickly pinpoints a network's strengths and weaknesses. 


5.6MB dataset; a 1KB block size; 10-sec¬ 
ond think time; and 6 steps, with the fol¬ 
lowing number of motors assigned to 
each step: 5,10, 20, 30, 40, and 50. 

The Copy All Bidirectional test con¬ 
sists of 16 different transactions in which 
compressed data, uncompressed data, 
binary files, text files, and image files are 
copied between the server and the clients. 
Based on this test (and with help from 
Bluecurve’s technical support team), I was 
able to ensure that I was not overstressing 
the client workstations or the network. 
The summary reports for NT and 
NetWare showed that server performance 
began to degrade after reaching approxi¬ 
mately 25 motors—throughput leveled 
off, ART rose, and MPS declined. 

During these warm-up tests, NT vast¬ 
ly outperformed NetWare, as the 
Dynameasure graphs in Screen 1 and 
Screen 2 show. In Screen 1, the left graph 
displays throughput, and the right graph 
displays ART. Screen 2 displays through¬ 
put in the left graph and MPS in the right 
graph. NT maintained higher throughput, 
lower ART, and higher MPS in these tests. 

For several reasons, the Lab had 
hypothesized that NetWare would have 
higher throughput and be faster during 
certain types of transactions (such as 
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( Windows NT Server 4.0 ) 


Contact: Microsoft • 02 9870 2200 

Web: http://www.microsoft.com.au 

Price: $1695 for 10 users 

System Requirements: 

16MB of RAM 
CD-ROM drive 

VGA, Super VGA, or video graphics adapter 
compatible with NT Server 4.0 

Intel-based systems: 

486 33MHz or greater, Pentium, or Pentium Pro 
125MB available hard disk space 

RISC-based systems: 

RISC processor compatible with NT Server 4.0 
160MB available hard disk space 


copying small files). For example, 
NetWare 4.1 includes Packet Burst tech¬ 
nology, which lets a server transmit sever¬ 
al packets in a burst, without waiting for 
verification that each packet has been 
received. NetWare 4.1 also supports Large 
Internet Packets, which lets the server and 
workstation communicate using the 
largest possible frame size. 

The Copy All Bidirectional test 
includes eight different types of data, with 
two files for each data type: one file for 
client-to-server transactions and one file 


Intel MIPS Alpha PowerPC 


( NetWare 4.1 ) 

Contact: Novell • 02 9925 3000 
Web: http://wwwoz.novell.com.au 

Price: $3058 for 10 users 

System Requirements: 

386-based PC or greater 8MB of RAM 
115MB available hard disk space 


for server-to-client transactions. Because 
the type of transaction influences the 
three benchmark measures, I decided to 
break out individual transactions and 
compare the results to get additional 
information. This view of the data would 
let me compare server performance based 
on the type of transaction each server 
completed. 

Much to my surprise, the detailed re¬ 
sults from the tests revealed that for every 
type of transaction, NT outperformed 
NetWare in throughput, ART, and MPS. 
The closest throughput values for NT 
and NetWare occurred during step 5 of 
the Copy Compressed Text Bidirectional 
test: 406KBps for NT and 401 KBps for 
NetWare. During that step, NT’s ART 
(0.17 seconds) was faster than NetWare’s 
ART (0.51 seconds). The largest gap in 
throughput values occurred during step 6 
of the Copy Data Bidirectional test: 
1.21MBps for NT and 298KBps for 
NetWare. At that point, NT 4.0’s ART (29 
seconds) was more than five times as fast 
as NetWare’s ART (166 seconds). In all 
tests, both network operating systems had 
the same MPS values, which matched the 
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Get Cheyenne 
; AXserve... FREE! 

JT version out now 

heyenne Software is pleased to offer readers of 
heyenne News a five-user licence of its FAXserve 
etwork fax server FREE. 

To qualify for the free software, purchase an 
iocuLAN or ARCserve licence before January 31st. 
end us your purchase order and Cheyenne will 
end you a five-user version of FAXserve.* 
Recently released for Windows NT, the soft¬ 
ware is designed specifically to integrate with the 
widest variety of Windows applications enabling 
Aicrosoft Excel and Word users to send faxes 
lirectly from these programs without having to 
earn a new interface. 

FAXserve for NT and NetWare provides a univer- 
al in-box for e-mail and faxes. Users simply use 
heir existing e-mail program to send, receive, 
ind manage their faxes. Extensive support for a 
vide selection of high-end fax boards and low- 
:ost modems makes FAXserve an ideal solution for 
ooth large and small businesses. Simple installa¬ 
tion and streamlined administration tools ensures 
the lowest overall cost-of-ownership in the fax 

FAXserve for Windows NT offers extensive 
features for large-scale enterprises including: 

• centralised administration of multiple servers; 

• batch setup of large numbers of users; 

• comprehensive inbound fax routing capa¬ 
bilities; 

• fax broadcast/narrowcast and; 

• support for popular ISDN cards, multi-port 
serial boards and, high-density/intelligent fax 
boards, including those from Brooktrout and 
GammaLink 

In addition, each of FAXserve’s distributed com¬ 
munications servers can host up to 32 channels for 
maximum scalability. 

Other key features of FAXserve for Windows NT 
include: multiple language support; remote 
server administration; complete ODBC-compliant 
database support; an SMTP Fax Gateway option; 
and a Least Cost Routing (LCR) Option for Internet 
and intranet environments. 

For more information on the offer, call 
1800 635 519. 

* The offer comprises one five-user copy of 
FAXserve only, irrespective of how many licences 
of ARCserve or InocuLAN are purchased. 


ARCserve 6.5 for NT Arrives 


Cheyenne has released version 6.5 of its award-winning backup 
software ARCserve for Windows NT, adding a host of enhance¬ 
ments that let the software protect mainframe data and use new 
robotic tape devices. 



RCserve 6.5 is the only 
backup product to bridge 

the gap between NT and 
the enterprise,” said David 
^ Thrum, Cheyenne’s 
Assistant Vice - 
President for 
Australia and New 
Zealand. “This is a 
product at least 18 
to 24 months ahead 
of the competition 
and one that will 
cement our lead in the 
backup market.” 

New features include 
end-to-end intelligent 
data compression, sav¬ 
ing 40 percent of the 
space on backup 


ARCserve 6.5 can scale from the 
to the enterprise. 


media and increasing performance 
across the network. Backup data, which 
can be compressed at the server or by 
Windows client agents, 
remains dormant if 
hardware compression 
is active. 

ARCserve 6.5 can 
be installed simulta¬ 
neously on multiple 
servers and work¬ 
stations from a 
single point on 
the network. 
Single point par¬ 
allel installation 
enables administra¬ 
tors to deploy stor¬ 
age management 
Continued page 4 > 


Microsoft Standardises on InocuLAN 


Microsoft, Samsung, EDS and Novell all choose InocuLAN 


heyenne’s InocuLAN has 
selected 

worldwide anti-virus tool 
of choice by Microsoft, 
^Novell, Samsung and global out¬ 
sourcer EDS. 

Microsoft will deploy the software on 
more than 90,000 PCs and servers 
worldwide, after a competitive review 
of anti-virus software found 
Cheyenne’s superior macro virus 
detection abilities and virus signature 


updating made it easier to manage in 
large networked enterprises. 

“In addition to offering a sophisticated 
virus detection and cure, InocuLAN also 
gave us solid enterprise-level implementa¬ 
tion facilities and very tight integration 
with Microsoft’s desktop, server, and mes¬ 
saging system platforms,” said Jane 
Huxley, Microsoft Australia’s Server 
Applications Manager. 

Novell has endorsed InocuLAN as its 
Continued page 4 > 
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Corporate Virus Sabotage 


eliberately infecting 
rival companies with 
viruses is the latest cor- 
porate espionage trick, 
according to Australia’s lead¬ 
ing computer security consultant 
Stephen James. 

A “professional penetrator,” 

James conducts authorised hacking 
attacks on his clients. Attacks have 
included entering the premises 
through air conditioning ducts to 
prove lack of physical security, and 
seeding networks with viruses to 
assess preparedness to deal with White Hacker, Stephen James: “Virus sabotage is easy to 
viral assault perpetrate and requires carefully planned defences.” 

“I’ve never failed to compromise 



security,” James said, “I can always get ii 
somehow.” 


Imagine someone registered a 
joke name at a free e-mail site 
on the Web and used that to 
send you an e-mail. That mes¬ 
sage would be impossible 
to trace. Clearly you MUST 
HAVE a comprehensive 


anti-virus policy. 


You don’t need James’ sophistication 
to deliberately infect a PC with a virus, 
however. 

“All it takes is one macro virus in an e- 
mail attachment to infect you and erase 
some files or disrupt a project,” James 
said. “Your competitors know that’s a lot 
easier to do than cracking your firewall.” 

Your competitors also realise that 
losing your data can cost you business. 

“Imagine a macro virus striking just a 
few days before you need to submit 
tender documents,” James continued. 
“You could lose weeks of work and 
have no time to recover it. You could 
miss out on the deal ... and all a com¬ 
petitor needs is access to e-mail.” 

“Imagine someone registered a joke 
name at a free e-mail site on the Web 
and used that to send you an e-mail. That 
message would be impossible to trace. 


Clearly you MUST HAVE a compre¬ 
hensive anti-virus policy.” 

James’ warning comes on top of 
Cheyenne’s recent research showing 
viruses are out of control inside 
Australia’s 150 largest corporations. 
The March 1997 report on The 
Prevalence of Computer Viruses in 
Australia, commissioned by Cheyenne 
Software, found 90% had been 
attacked by viruses in the previous 12 
months but fewer than 50% could iden¬ 
tify the source of the attack. 

Nor could the cost of virus attack be 
easily quantified. Many respondents 
said it took at least one day to recover 


from virus attack and 
respondent said a virus atta 
cost more than $40,000 to rep: 
The survey also found ma 
believe their jobs are at risk 
viruses do damage to their co 
pany. 

“The survey and frontli 
reports from Stephen Jam 
about virus sabotage togeth 
show you must have an anti-vir 
strategy that covers all the pos: 
ble sources of infection , 
David Thrum, Assistant Vice 
President of Cheyenne Softwi 
“If you leave one hole, virus 
will get in and cost you mon 
and maybe your job.” 

Only InocuLAN can let you create 
comprehensive anti-virus policy j 
need,” Thrum said. “We can protect 
your data, no matter where it lives, whe 
it’s coming from or where it is going e 
we scan full time in every location. Th; 
the only way to make sure you’re safe.’ 


To read the Cheyenne report, go 
www.projectm.edia. com. au/clients/chey 
ne/survey.htm or call your local free ca 
numbers and Cheyenne will send you 
copy of the report. 


Cheyenne Opens New Zealand Office 


N ew Zealand has become 
Cheyenne’s latest overseas 
office with the appointment of 
Andrew Cashmore as Country 
Manager. 

Formerly General Manager of distrib¬ 
utor Microsource, Cashmore brings 
more than five years experience in 
storage and data protection sales to 
Cheyenne. 

“Cheyenne recognises its 
responsibility as a ven¬ 
dor is to generate 
end-user demand 
for its products 
and to offer the 
best possible train- A 
ing and support for 
its resellers,” said David Thrum, 




Assistant-Vice president for 
Cheyenne Software. “That’s why 
we’ve hired Andrew and 
opened the New 
Zealand office.” 
“My time at 
Microsource gave me 
very strong understand¬ 
ing of Cheyenne’s products 
and where and how they can 
be integrated,” Cashmore said. 

“I’m looking forward to joining one 
of the hottest companies in the IT 
industry,” he added. 


Cheyenne’s office is housed in 
Computer Associates’ Auckland 
headquarters, Level 5, 369 Queen 
Street. 
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Cheyenne Scales Higher with ADIC 


obotic tape drive specialists 
II Advanced Digital 

| Information Corporation 

(ADIC) and system integra- 
^^tor PS Solutions have together 
mated a $60,000 ADIC 1200 to 
leyenne, which has been installed at 
jmputer Associates’ Virtual 
iterprise Center, a facility housing 
2s and servers running most major 
terating systems all sharing the same 
:twork. 

The ADIC 1200 is a 12-tape robotic 
pe changer capable of using most 
pe formats and will be used to 
:monstrate the scalability and flexibil- 
i of Cheyenne’s ARCserve backup 
ftware, which will operate the robotic 
ive from a Windows NT workstation. 
‘Customers will come to the Virtual 



Cheyenne’s David Thrum, PS Solutions MD 
Phil Jackson and Kenji Eigner, ADIC’s direc¬ 
tor of International Sales with the ADIC 
1200 in the CA- Virtual Enterprise Center. 

Enterprise Center and see this software 
running in a multi-platform production 
environment just like their own, with a 
very sophisticated tape drive,” said 
David Thrum, Cheyenne’s Assistant Vice 
President for Australian and New 
Zealand. “We’ll be showing ARCserve 


doing what others only promise their 
software can do. And we’ve got the ref¬ 
erence sites too: Telstra use more than 
1000 ADIC robots with ARCserve.” 

“By having this new generation tape 
device here we can show how well it 
works in large enterprises. That’s a real 
benefit for users,” said PS Managing 
Director Phil Jackson. 

Kenji Eigner, ADIC’s director of 
International Sales, concurred. “We see 
growth for this kind of device driven by 
the explosion of client/server and 
Windows NT,” he said. “Users are scal¬ 
ing up. Showing them backup can be 
done from NT across all the platforms 
here in the Virtual Enterprise Center is 
a very important thing for ADIC.” 

“This is a natural progression for both 
of us,” Thrum added. “This is perfect tim¬ 
ing and a great marriage.” 


— CA Makes Cheyenne Very Welcome 


A 1 he merger of Computer 

I Associates and Cheyenne 

A Software has been an outstand- 

ng success, according to CA’s Senior 
Vice - President and Australian 

Managing Director Stephen Richards. 

“Since we bought Cheyenne we’ve 
seen really impressive growth globally 
md locally. The relationship is strong 
and we have big plans for Cheyenne’s 
products to make them even more scal¬ 
able and easier to manage.” 

These plans have already swung into 
action with the release of ARCserve 6.5, 
which ships with Computer Associates’ 
Unicenter TNG Framework, making it 
possible to use ARCserve at the heart 
of the industry’s leading enterprise 
management suite. Using Unicenter’s 


preconfigured backup “Business 
Process View,” administrators can sim¬ 
plify their view of storage and related 
management components and manage 
the entire process across an enterprise 
from a single console. 

ARCserve’s integration with 
Unicenter is just the beginning, 
Richards sad. “Cheyenne has captured 
the LAN. ARCserve and InocuLAN are 
de facto standards on the LAN for NT 
and NetWare. Computer Associates will 
be using Cheyenne’s experience in 
these environments to create solutions 
for small businesses looking for scalabil¬ 
ity from the LAN to the enterprise.” 

Behind the scenes, the acquisition has 
meant a significant increase in the 
resources available to Cheyenne. 


David Thrum Appointed Assistant VP 


D avid Thrum has been promoted 
to the position of Assistant Vice 
President, Australia/New 
Zealand. 

Thrum was promoted in recognition of 
Cheyenne’s successes in the local market. 
“We’re very pleased with Cheyenne’s 


position in Australia and New Zealand, 
said ReiJane Huai,” Cheyenne’s Chief 
Executive Officer and a Senior Vice - 
President of Computer Associates. “This 
promotion is well deserved, and also 
reflects the importance of the Australian 
and New Zealand markets to Cheyenne.” 


“You’ll be seeing some completely new 
products from us soon,” said Assistant 
Vice President David Thrum. Upgrades 
for existing products are also being sped 
up. ARCserve 7.0 is due early in 1998, 
while InocuLAN 5.0 has already 
reached public beta. 

Computer Associates has even given 
Cheyenne plush new offices at its 
Sydney headquarters. 

Yet Cheyenne remains independent. 
“We have become an independent busi¬ 
ness unit of CA,” Thrum said. “We set our 
path, build our own products and run our 
own channel and our own support.” 

“While a year ago Cheyenne was a 
significant company, today we’re part of 
the world’s leading business software 
house,” Thrum said. 



Cheyenne founder ReiJane Huai (left) 
congratulates David Thrum on his pro¬ 
motion at CA-World 1997 in New Orleans. 
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Microsoft Standardises on InocuLAN 


> From page 1 

preferred anti-virus solution and will 
bundle the software with its newly 
released Manage Wise 2.5 network man¬ 
agement system. 

“InocuLAN is a great complement to 
Manage Wise and ensures that our cus¬ 
tomers’ enterprise computing environ¬ 
ments remain secure,” said Robin 
McKinnon, manager of marketing for 
Novell’s Management Services Group. 

Samsung Electronics will also deploy 
InocuLAN throughout its enterprise, and 
has endorsed CA as the solution provider 


of anti-virus software for its Magic Power 
Pro PC Server line. The $19 billion elec¬ 
tronic communications company will OEM 
Korean versions of InocuLAN and more 
than 50 Samsung distributors across Asia 
will market ARCserve and InocuLAN, 
greatly increasing the availability of enter¬ 
prise computing solutions for customers. 

EDS has made InocuLAN part of its 
Consistent Office Environment (COE) 
and will deploy the software on more 
than 100,000 servers and PCs worldwide. 

InocuLAN will replace competing prod¬ 
ucts and was chosen after an independent 


software testing services organisation co 
pared InocuLAN directly with competi 
virus protection product lines. Cheyenn 
software was found to be easier to admin 
ter on large distributed' networks, offer 
superior macro virus detection and was al 
praised for its ability to detect and remo 
viruses on the desktop, the server, in e-m 
or in downloads from the Internet. 

“There’s no more powerful eridorseme 
than Microsoft and Novell because th 
own those platforms so they clearly knc 
what’s best for their own products." sa 
Cheyenne Assistant Vice president Dav 
Thrum. “These four deals prove Cheyen 
is the de facto standard for enterprise an 
virus on NT and NetWare.” 


ARCserve 6.5 for NT arrives 


> From page 1 

over the enterprise efficiently. 
ARCserve 6.5’s options include the: 

• Mainframe Backup Option allows 
ARCserve to back up client/server data 
to MVS systems, eliminating the trans¬ 
mission of duplicate data and compress¬ 
ing data locally prior to transmission. 

• Data Migration Option automatically 
migrates and de-migrates data between 
distributed storage devices: disk, optical 
and tape-based on policies set by the 
administrator. This new option also 
allows management of heterogeneous 
distributed storage devices. Tight inte¬ 
gration with ARCserve and its Disaster 
Recovery Option ensure full recover¬ 
ability of migrated data. 

• Optical Library Option enables 
ARCserve to back up data to single-or 
multiple-drive optical libraries, providing 
“lights out” automation and allowing cus¬ 
tomers to archive their data indefinitely. 

• Backup Agents For Openlngres and 
Informix provides online backup support 
for Openlngres and Informixdatabases. 

• Remote Disaster Recovery Option 2.0 
provides comprehensive end-to-end 
disaster recovery by allpwine users to 
restore data on remote "Windows NT 
workstations and servers that don’t 
have a locally attached tape device. 
Bcjot-Disk Information for all disaster 
recovery clients can now be centrally 
stored on the ARCserve. server, elimi¬ 
nating the need to create or manage 
boot disks for remote systems. The 
option also extends support to remov¬ 
able tape devices, libraries, and devices 
configured for RAID. 


• Image Option 2.0 delivers ultra-high 
speed image backup of Windows NT vol¬ 
umes by writing large blocks of data to 
tape, rather than backing up file-by-fil&\ 
This option preserves data integrity and 
consistency by backing up volumes as 
they are being accessed by applications. 

• RAID Option 2.0 with Tape Library 
Support allows concurrent streaming of/ 
data to a set of tape drives and provides 
striping with parity (RAID level 5) for 
fault tolerance and RAID level'1 for 
tape mirroring.'This option also supports 
software tape RAID levels 0, 1 and 5 
across multiple tape libraries and within 
multiple-drive libraries. Administrators 
can create a single, logical, high perfor¬ 
mance device with virtually unlimited 
media capacity. 

The upgrade has already been lauded 
by the industry. 

‘'ARCserve 6-5 leaves the gate ahead 
of its NT competitors with capabilities 
that extend from desktop to mainframe 
environments, and features that address 
the storage management and data pro¬ 
tection needs of the distributed environ¬ 
ment,” said International Data 
Corporation analyst Philip Mendoza, 
systems management software group. 

Rich Tong, Vice President of Marketing, 
Personal and Business Systems at 
Microsoft also praised the product. “We’re 
excited about the support Cheyenne is 
providing Windows NT in the enterprise,” 
he said. “ARCserve 6.5 leverages the seal- 
ability and manageability of Windows NT 
Server to provide our mutual customers 
with comprehensive enterprise backup 
and restore tools.” 

“We are also excited about the features 


and benefits ARCserve 6.5 for Windo\ 

NT can deliver to our customers,” said \ 

Mahadevan, vice president, Enterpri 

Storage and Options Division, Comp; 
Computer Corporation. “One of tl 
major features CA incorporated in 
ARCserve 6.5 is the new Tape Libra 
Option that provides the ability to crea 
a ‘virtual’ library of up to 16 Compaq DL 
libraries with a total of 32 drives. This ce 
provide users with up to 3.6 terabytes < 
unattended backup and restore capacit 
Phenomenal performance like this su] 
ports our goal of delivering easy-to-mai 
age, high-performance, high-capacit 
backup for business-critical environmen 
throughout an enterprise.” 

NetWare upgrade 

ARCserve for NetWare has also bee 
enhanced with the release of a backu 
agent for Novell’s Group Wise. 

The agent conducts live online backu 
of GroupWise messaging servers and i 
the only program on the market dedicat 
ed to protecting the groupware suite. 

Cheyenne has also released Protectio 
Suites for Microsoft Internet Informatio 
Server and Exchange Server. 

The latter includes a new version of it 
Backup Agent for Microsoft Exchangi 
Server—the first product to backup ant 
restore individual mailboxes. 

Full-time virus scanning and elimina 
tion for Exchange Messaging Clients ha 
also been added. Inbound and Outbounc 
messages are scanned for Exchange 
Outlook and Windows Internet Mai 
clients. Any viruses detected are curec 
before infected files are opened by users. 

For more information contact Cheyennt 
on your local free call number. 
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issigned specifications of 5,10, 20, 30, 40, 
ind 50 motors. 

Reality Check 

To ensure that my testing parameters and 
system configuration were not in some 
way slanted toward NT, I presented my 
findings to Bluecurve’s technical support 
team and to the other Lab technicians. 
One major concern pertaining to NT 
caching came up in those meetings. For 
^directional transactions, Dynameasure 
creates the data files on both the client 
and the server. For example, one of the 
files in the Copy Compressed Binary Files 
from Client to Server transaction is iden¬ 
tical for every motor during a test. 
Because of the small file size and small 
block size being transported across the 
network, I decided to investigate whether 
NT Server and the NT clients were actu¬ 
ally reading from or writing to the disk 
for every copy transaction. 

On any desktop system, you can see 
how data caching affects performance 
with a simple experiment: open any large 
data file stored on a floppy or a hard disk. 
The system takes a few seconds to read 
the requested data, open the viewing 
application, and display the data on the 
monitor. Close the application, and then 
open the same file. The data appears 
almost instantly, and you don’t hear the 
characteristic spin of the system reading 
the disk. The system has cached the data 
(and possibly the application) in RAM; 
thus, no disk read occurs, and the whole 
operation is substantially faster. 

I needed to eliminate any server or 
client memory caching that could influ¬ 
ence the tests. The idea was to force both 
NT and NetWare to access the hard disks 
as many times as possible during the copy 
transaction. (In racing terms, I needed to 
ensure that the cars made as many pit 
stops as possible.) I conducted the next 
series of tests in the same manner as the 
warm-up tests, except I increased the 
dataset scale and block size. Increasing 
these settings increased the memory that 
the system paged, and flushed the system’s 
RAM. 

Armed with this idea, for the next 
series of tests, I used the following para¬ 


meters: a 24.2MB dataset, a 100KB block- 
size, a 10-second think time, and six steps 
(with 5, 10, 20, 30, 40, and 50 motors, 
respectively). I again selected the Copy All 
Bidirectional test, because the random 
order of the transactions makes caching 
data from one transaction to the next dif¬ 
ficult. Graphs 1, 2, and 3 display the results 
of these tests. 

As you can see from the graphs, NT 4.0 
came out the clear overall winner in per¬ 
formance. During the test, peak throughput 
for NT (741KBps) was double the peak 
throughput for NetWare (356KBps). In 
every step of the test, NT’s ART was more 
than twice as fast as NetWare’s ART under 
comparable loads (MPS). 

To the Winner's Circle 

For the last series of benchmarks, I decid¬ 
ed to use Dynameasure’s Copy All Files to 
Server test. This test would eliminate file 
caching on the clients as a performance 
variable. For this test, I used the same test 
parameters that I used for the Copy All 
Bidirectional test: a 24.2MB dataset, a 
100KB block size, a 10-second think time, 
and six steps (with 5,10,20,30,40, and 50 
motors, respectively).This test and specifi¬ 
cation set transmitted a large amount of 
data across the network and maintained a 
high frequency of delivery. Graphs 4, 5, 
and 6 display the test results. 

The benchmark data again favours NT. 
Graph 5 shows that the closest ART values 
occurred during step 6 of the test. In step 
6, NetWare’s ART (122 seconds) was 10 
seconds faster than NT’s ART (132 sec¬ 
onds), so you might be tempted to argue 
that NetWare outperformed NT in the 
part of the test simulating the heaviest load 
(50 motors). However, you must examine 
the ART data in relation to the other per¬ 
formance data. 

In step 6, the NT racing team com¬ 
pleted a maximum 841,000 laps 
(i.e., 841KBps peak throughput) , and all 
50 cars (MPS) finished the race. The 
NetWare racing team completed 167,000 
laps (i.e., 167KBps throughput), and only 
33 cars (MPS) finished the race. NT’s 
throughput is five times NetWare’s 
throughput, and NT has 17 more motors 
running than NetWare. 


What If... 

Someone in the Lab observed that for the 
last two steps of the test, NetWare’s ART 
was getting faster, and NT’s ART was get¬ 
ting slower. What would happen if the test 
continued with more motors? I reran the 
tests, with a 24.2MB dataset, a 100KB 
block size, a 10-second think time, and six 
steps (with 10, 20, 40, 60, 80, and 100 
motors, respectively), and the results again 
favored NT. NetWare’s maximum 
throughput was 208KBps with an ART of 
142 seconds, running 83 motors. NT 
reached maximum throughput at 
720KBps with an ART of 42 seconds, 
running 100 motors. 

Post-Race Analysis 

To keep the racetrack equal for both 
teams, I maintained the same physical net¬ 
work connections, the same protocols, the 
same physical clients, and the same physi¬ 
cal test server—down to the same physi¬ 
cal hard disks. Within Dynameasure for 
File Services, I kept identical test specifi¬ 
cations (file size, type of transactions, and 
number of motors) for each operating sys¬ 
tem. I gave both racing teams the same 
track to race on, the same type and num¬ 
ber of cars to drive, and the same amount 
of time to complete laps. 

After running race after race and 
watching NT leave NetWare in the dust, 
I finally concluded that NT is indeed the 
better performing operating system for 
file services. Does that mean that you 
should throw out your NetWare servers 
and replace them with NT? You be the 
judge. After all, every garage in the coun¬ 
try does not have a new sports car. But the 
next time you go shopping, remember 
which operating system has the perfor¬ 
mance edge. □ 
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MIGRATION 
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O ne potato, two potato, three potato, four. 

NetWare? NT? NetWare? NT? Sound 
familiar? If so, you’re one of a growing 
number of network administrators 
fcvrestling with the Novell NetWare vs. 
^X/indows NT Server dilemma. As NT 
Server comes of age and NetWare s market 
share falters, more of today s small, midsize, and large network sites 
are asking themselves which network operating system will take 
them into the twenty-first century. This decision is complex, but if 
your company decides to switch from NetWare to NT, as the net¬ 
work administrator, you will need to find a way to make it happen. 

Enter Migration Tool for NetWare. Included with NT Server 4.0, 
Migration Tool for NetWare lets you transfer your existing NetWare 
2.x, 3.x, and 4.x file servers to an existing NT Server environment. 
In addition, with a few clicks of the mouse, Migration Tool for 
NetWare lets you transfer your NetWare users, groups, individual 
volumes, files, and directories. Even if your site has only a few users 
and files, Migration Tool for NetWare can gready reduce the time 
and effort required to successfully migrate to NT.Without Migration 
Tool for NetWare, you must manually add each user and group 
account to the NT server and selectively copy each file and directo- 
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the migration tool for NetWare t 0 












■Screen 1: 

Selecting source 


and destination 
servers 


mScreen 2: 

Viewing the 
main Migration 
Tool for 

NetWare screen 


ry—a daunting prospect. 

If the destination NT server is running 
Microsoft’s File and Print Services for 
NetWare (FPNW) you can also migrate 
user logon scripts. FPNW lets an NT serv¬ 
er function as both a standard NT server 
and a NetWare file-and-print server. 
Therefore, NetWare 2.x and 3.x clients can 
access both servers without additional soft¬ 
ware or configuration changes to the 
client. (Note: FPNW is an add-on for NT 
Server that you must purchase separately..) 

Let me take you step by step through a 
sample migration from NetWare 4.11 to 
NT Server 4.0.1 will tell you how to con¬ 
figure user and group information, handle 
duplicate names, assign passwords, and 
migrate individual files and directories. 
Most important, I’ll show you how to per¬ 
form a trial migration before doing the real 
thing. 

Before you start the migration, you need 
to get a few things in order on the NT 
Server side. First, the destination server 
must be either a Primary Domain 
Controller (PDC) or a Backup Domain 
Controller (BDC).This requirement makes 
sense because NT application servers don’t 
participate in logon authentication and 
don’t know or care about user or group 
accounts or how to handle them. Second, 
the destination NT server must be running 
the NWLink IPX/SPX Compatible 
Transport and the Gateway and Client 
Services for NetWare (GSNW). IPX/SPX 
is the default network protocol in the 
NetWare world and lets NT communicate 
with the NetWare server. Finally, as an 
option, you can install NTFS on the desti¬ 
nation server. NTFS grants NetWare 
trustee rights for files and directories that 
you want to migrate. Because the migration 
process makes significant changes to the 
destination server, be sure you have a solid, 
verified backup before continuing. With 
these preparations complete, here we go. 

Migration Tool 

You can run Migration Tool for NetWare 
from three locations: the destination server, 
a remote NT server, or a system running 
NT Workstation.To run Migration Tool for 
NetWare on a remote system, you must 
copy the following files: nwconv.exe, 


nwconv.hlp, logview.exe, and logview.hlp 
from the %systemroot%/System32 server 
folder. You start the migration on the NT 
system from which you are running the 
migration. If you choose to run the migra¬ 
tion from a remote NT system (server or 
workstation), make sure you have a valid 
connection to the destination NT server. 
In addition, you must run the Microsoft 
NetWare client on the system where you 
run nwconv.exe. I ran this sample migra¬ 
tion using NetWare 4.11 as the source and 
NT Server 4.0 as the destination. I ran 
Migration Tool for NetWare on the desti¬ 
nation server, not a remote system. 

To begin the migration, from the Start 
menu, select Programs, Administrative 
Tools, Migration Tool for NetWare. The 
first time you run Migration Tool for 
NetWare, the Select Servers For Migration 
dialog box appears, as you see in Screen 1. 
Use this screen to select a NetWare file 
server to migrate and a destination NT 
server. If you have run Migration Tool for 
NetWare before, the program saved your 
configuration information and automati¬ 
cally loads it when the program starts. The 
Select NetWare Server dialogue box 
appears and fists all NetWare servers it 
finds. 

An important fact about Migration 
Tool for NetWare is that it does not work 
with Novell Directory Services (NDS). 
This limitation is significant because in a 
NetWare 4.x environment, NDS is how 
you manage objects or resources. 


Migration Tool for NetWare handles con¬ 
nections to NetWare 4.x servers running 
NDS through bindery emulation. Older 
NetWare 2.x and 3.x servers maintain a flat 
file database called the bindery. Unlike 
NDS, each bindery server is a separate 
entity and knows nothing about the out¬ 
side world. In these circumstances, 
Migration Tool for NetWare treats 4.x 
servers the same as 2.x and 3.x servers. 

This serious shortcoming leads to some 
interesting issues during the migration. For 
instance, when you select a 4.x server from 
the fist, you will see the name of your cur¬ 
rent context. In Novell terms, your current 
context is your position in the NDS tree; 
your current context is the same as your 
current directory in DOS. You can see files 
only in the current directory, and you can 
see objects only in the current context. 
Also, be aware that you can’t change your 
context from within the NetWare server 
selection screen. If you don’t see any 
NetWare servers fisted, check to make sure 
you have NWLink IPX/SPX Compatible 
Transport and GSNW loaded on the NT 
server. 

When you have selected your source 
and destination servers, click OK. If you 
have not already been authenticated to the 
NetWare server when you logged on to 
the NT server, the program will ask you to 
provide a Supervisor-equivalent account 
name and password. Notice that NetWare 
uses the term Supervisor and not 
Administrator. Because I connected using 




































bindery emulation, the NetWare 4.x systems 
did not recognise the Admin account but 
interpreted my Admin logon as a 
Supervisor-equivalent account. The account 
must be Supervisor equivalent because you 
need complete NetWare system access and 
control. Similarly, for NT you must log on as 
Administrator or equivalent. 

At this point, you will see the main 
Migration Tool for NetWare screen, shown 
in Screen 2. The screen lists all NetWare 
and NT servers selected for migration. 
(You can have multiple source and destina¬ 
tion servers.) From this screen, you can 
make all necessary migration configuration 
modifications. You can add servers to be 
migrated, delete servers, set user and group 
options, set file and folder options, view log 
files, run the migration, and most impor¬ 
tant, run a trial migration. From the File 
menu, you can restore a previously saved 
configuration file, save current configura¬ 
tion settings, or clear everything by select¬ 
ing Restore Default Config. By default, the 
configuration files have a ,cnf extension 
and are located in the 
%systemroot%/System32 directory. You 
can’t read the configuration files with a text 
viewer—I tried. 

To add servers to the list, click Add on 
the main Migration Tool for NetWare 
screen and add your NetWare and NT 
servers, just like you did when Migration 
Tool for NetWare first started.You must log 
on to each NetWare server you select even 
though you might have done so when you 
first logged on. To delete a set of servers, 
select the set from the list and click Delete. 
A word of caution: the program won’t ask 
whether you really want to delete the serv¬ 
er; it simply does it. 

Users and Groups 

After you select your list of servers, you 
configure user and group options by click¬ 
ing User Options on the Migration Tool 
screen. You configure specific elements of 
the migration process by using the four 
tabs (Passwords, Usernames, Group Names, 
and Defaults) on the User and Group Op¬ 
tions screen, as you see in Screen 3. By 
default, Migration Tool for NetWare trans¬ 
fers users and groups during the migration. 
To exclude users and groups, clear the 



Transfer Users and Groups check box at 
the top of the screen. 

Map files (which tell Migration Tool for 
NetWare how to process usernames, pass¬ 
words and group names during the migra¬ 
tion) give more control over the migration 
process.Without map files, you would need 
to use Migration Tool for NetWare’s inter¬ 
nal migration methods. The map file lets 
you list each NetWare account, the new 
NT account name, and the corresponding 
password. The format of the file is 
old_name, new_name, password. The map 
file also has a section for group names that 
follows the same format (excluding the 
password field). To use this option, select 
the Use Mappings in File: check box on 
the User and Group Options screen. 

You can choose to create the map or 
edit an existing map file. Map files have a 
.map extension, and the program stores 
them by default in the %system 
root%\System32 directory. You can view 
them with any text viewer. To create a map 
file, first select the Use Mappings in File: 
option, and then click Create to bring up 
the Create Mapping File screen. By 
default, the program includes username 
information in the map file. If you want to 
exclude user accounts, clear the Include 
User Names option. Similarly, if you want 
to exclude group information, clear the 
Include Group Names option at the bot¬ 
tom of the screen. 

Next, and perhaps most important, is 
the default password option.You have three 
choices: No Password, Password is 
Username, and Password is <password> 
(the same password for everyone). I don’t 
like any of the choices, but another option 
saves the day: if you check User Must 
Change Password on the Passwords tab, 
your users must input a new password the 


first time they log on. Interestingly, no one 
can read NetWare passwords after a 
NetWare server saves and encrypts them. 
This restriction means that Migration Tool 
for NetWare can’t migrate user passwords; 
you must reassign them. You can see the 
work that’s involved if you have a large 
number of users. 

After you have selected a map file and 
set the default password option, click OK. 
A dialogue box will appear to let you 
know that Migration Tool for NetWare 
created the file and ask whether you want 
to edit it. If you select Yes, Notepad will 
start and automatically load the map file. If 
you intend to use mapping, I suggest 
checking the map file to make sure every¬ 
thing looks right—user and group 
accounts are correct and unnecessary 
information has been deleted. You will 
probably see user or group names that you 
don’t need to migrate. The map file has a 
[USERS] section for user accounts and 
[GROUPS] section for group names. You 
can fully edit the file and make necessary 
changes, such as adding the passwords you 
will use when creating NT accounts. 
What’s pretty slick about the map file is 
that it automatically picks up all NetWare 
user/group accounts and writes them 
to the file. 

If you forgo the map file, you must con¬ 
figure password, user, and group parameters 
manually. On the Passwords tab, you can set 
the default password and determine 
whether users need to change their pass¬ 
word the first time they log on. As men¬ 
tioned earlier, you have three choices for 
the default password: No Password, 
Password is Username, and Password is 
<password>—the same for all users. 
Because all these options can lead to some 
interesting security problems, I strongly 
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■ Screen 4: 

Selecting files 
to transfer 


suggest keeping the default option of users 
changing their password the first time they 
log on. 

The Usernames and Group Names tabs 
each contain options for handling dupli¬ 
cate NetWare and user and group names. 
Both sections let you log the error, ignore 
the duplicate name, or add a prefix of your 
choice. Only with usernames can you 
choose to overwrite existing NT accounts 
with the new NetWare information. If 
errors occur during the migration, 
Migration Tool for NetWare will write 
them to the Error.LOG file. 

Use the Defaults tab to configure the 
migration of administrative rights. The 
default is Use Supervisor Defaults; this 
option lets Migration Tool for NetWare 
overwrite the current Administrator 
account policy restrictions on the NT 
server with those from the NetWare 
Supervisor account. The policy settings 
include intruder lockout, password 
uniqueness, required password change, 
password aging, and minimum password 
length. The second option, Add Supervisor 
to the Administrators Group, determines 
whether the program adds NetWare 
Supervisor-equivalent users to the NT 
Administrators Group. By default, this 
option is not selected. 

You can transfer NetWare account 
information to a master domain by click¬ 
ing the Advanced button on the User and 
Group Options screen, then selecting the 
Transfer Users to Trusted Domain option. 
You use this option to transfer NetWare 
account information to the domain con¬ 
troller of the master domain. However, 
Migration Tool for NetWare still transfers 
file and folder information to the current¬ 
ly selected NT server. If you transfer 
groups to the master domain. Migration 


Tool for NetWare creates the groups as 
global groups in the master domain and as 
local groups on the selected server. 

Files and Folders 

After you have successfully configured user 
and group information, you need to con¬ 
figure the migration of files and folders. 
From the Migration Tool for NetWare 
screen, select File Options. By default, 
Migration Tool for NetWare transfers all 
files and folders from the NetWare server 
during the migration process, with the 
exceptions of system or hidden files and 
three of the default directories created on a 
NetWare server: the \LOGIN, \SYSTEM, 
and \ETC folders. If you want to include 
these files or folders, you can select them 
from the Files, Files to Transfer screen. You 
can also exclude files or folders from the 
migration by clearing the Transfer Files 
check box. 

By default, the Source Files listing on 
the File Options screen makes available all 
volumes on the NetWare system. You can 
delete or add these volumes by clicking 
Delete or Add. After you select a NetWare 
volume, you must specify its destination 
NT volume, share name, and folder by 
clicking Modify. In the Modify dialogue 
box, you can transfer the NetWare volume 
files and folders to an existing share, or you 
can create a new share. To change a share’s 
directory path, click Properties. To transfer 
data to a directory under an existing share, 
type the full path in the Subdirectory field. 
However, from this screen, you can’t 
change the path for existing shares, only for 
new shares. 

Selecting individual files and folders for 
transfer is straightforward. After you select 
the appropriate NetWare volume from the 
Source Files fisting, choose the folder you 


want to view; then select specific files from 
the folder, as you see in Screen 4. 
Migration Tool for NetWare transfers fold¬ 
ers and files that are selected. If a user cre¬ 
ates a file on a NetWare volume after you 
complete the migration configuration, 
Migration Tool for NetWare will transfer 
that file if you are moving other files in the 

Log Files 

Now you have finished configuring the 
migration process. You have taken care of 
users, groups, files, and folders. The only 
other element to consider is log files. Log 
files help you determine whether a migra¬ 
tion ran successfully. To set options for log 
files, select Logging on the main Migration 
Tool for NetWare screen. The default 
option is Verbose User/Group Logging. 
This option records the most information 
during a migration and includes summary 
information for files and folders and com¬ 
plete activity for users and groups. To 
reduce the size of the log file, you can clear 
this check box, so that you will record only 
user names and groups.The second logging 
option, Popup on Errors, causes the migra¬ 
tion process to stop on each error and 
requires manual intervention. The Verbose 
File Logging option records all files and 
folders transferred and their source and 
destination directories. 

You can view log files by first clicking 
Logging... on the main Migration Tool for 
NetWare screen.Then, click View Log Files 
to start the logview.exe program. 
Logview.exe displays the three log files that 
Migration Tool for NetWare creates during 
a migration: Error.LOG, Summary.LOG, 
and LogFile.LOG. As you see in Screen 5, 
page 122, Error.LOG contains a list of all 
errors that occurred. These errors include 
system errors, network errors, and user 
account names that were not transferred 
because of a conflict. Summary.LOG is a 
statistical file that contains migration infor¬ 
mation such as total running time, number 
of users and groups transferred, number of 
files transferred, number of name conflicts, 
and the total number of errors. 
LogFile.LOG contains a record of what 
successfully transferred and what failed as a 
result of an error. The file has sections per¬ 
taining to Supervisor defaults, user/ 
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group information, transfer options, and 
file information. 

As I stated earlier, if the destination NT 
server is running FPNW, Migration Tool 
for NetWare can transfer user logon scripts. 
For this feature to work properly, you must 
transfer the necessary file and folders from 
the NetWare system, especially the \MAIL 
directory, where the login script files are 
stored. When the user logs on to the NT 
server, the logon script will run as the user’s 
personal logon script. 

Trial Migration 

The best feature of Migration Tool for 
NetWare by far is its ability to perform a 
trial migration. The trial migration lets you 
tweak the configuration; you can run trials 
as many times as you like. A word to the 
wise: Use the trial migration. Treat it as 
your friend. It can save your career if you 
inadvertently set your migration options to 
walk over the top of your existing NT 
environment. During the trial migration, 
Migration Tool for NetWare doesn’t trans¬ 
fer information between the source and 
destination systems; it only creates log files 
to inform you how the process went. The 
trial run creates the same three log files 
(Error.LOG, Summary.LOG, and 
LogFile.LOG) as the real thing. Each time 
you run the trial migration, Migration Tool 
for NetWare creates new log files and 
renames the previous log files, replacing the 
extension with an incremental number. 

To start the trial migration, click Trial 
Migration on the main Migration Tool for 
NetWare window. Be warned that the pro¬ 
gram doesn’t ask you to verify this action; 
the trial starts immediately. When the 
Verifying Information dialogue box ap¬ 
pears, the migration program is verifying 
user, group, file, directory, and volume 
information on the source NetWare sys¬ 
tem. When the verification is complete, the 
trial conversion begins.You can follow the 
progress of the conversion on a monitor, as 
you see in Screen 6. 

The Real Thing 

When you have successfully run the trial 
migration with no errors, you’re ready to go 
for the real thing. The real migration is the 
same as the trial, except that it takes longer. 
To start the migration, click Start Migration 




on the main Migration 
Tool for NetWare screen. 

As with the trial migra¬ 
tion, no verification 
screen will ask whether 
you really 

the process, although you 
can click Cancel at any 
time. On NetWare sys¬ 
tems with many users, 
groups, files or folders, the migration process 
can take a long time. Although this will vary 
with machine speed, memory, and network 
bandwidth, I’ve seen migrations that involve 
1000 users and more than 100 groups take 
more than two hours to complete; so sched¬ 
ule accordingly. 

When the migration process is finished, 
a final dialogue box (shown in Screen 7) 
shows you statistics, including the number 
of users and groups transferred, the number 
of files transferred, and the total number of 
errors. If you have errors, check the log files 
to see what corrective action is necessary. If 
for some reason the migration fails, 
remember that you still have a complete 


and intact NetWare server that you can use 
to try again. Also, realise that you might 
have some work to do on the destination 
NT server to clean up user, group, file, and 
folder information. □ 
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Lotus' managing director for Australia and New Zealand 


L otus is a company that reinvents itself every five 
years. Coming to prominence in the early eighties 
with Lotus 123, the spreadsheet that became the 
standard for half a decade, it began to lose its competitive 
edge when Microsoft’s Excel arrived. Then Lotus did the 
unthinkable and saved itself from ignominy by delivering 
Notes - and introduced the concept of groupware. Now, 
over five years later, it’s time for Lotus to perform its magic 
act again. According to Peter Taylor, the new MD of Lotus 
Australia, it could well be in the form of eSuite, Lotus’s 
new suite of small Java applets. 

“I think eSuite is going to be a significant thing for us 
going forward,” he says. eSuite is composed of applets that 
act as simplified word processors, spreadsheets, browsers, 
presentation tools and the like, and are initially targeted for 
use on IBM’s range of NCs, although in future they will 
also run on PCs. With their main advantage being a far 
lower cost than standard applications, as well as being eas¬ 
ier to use, Taylor believes that they will threaten 
Microsoft’s Office suite. 

“They (Microsoft) will tell you that it’s irrelevant, it’s 
not going to happen and all the rest of it, but I think it’s 
just like the whole Internet thing - they ignored it hoping 
it will go away and I think they’re in for a rude shock. I 
think people do want this small, fast applet that they can 
just pull down and use,” Taylor says. 

“Companies are looking for cost effectiveness, they’re 
looking for lower cost alternatives,” Taylor adds. “If the 
truth be known, I think probably 75 per cent of the peo¬ 
ple out there don’t need the full functionality of the full 
suite of products. General users don’t need all that power, 
all that functionality.” 

Another technology that Lotus sees itself dominating 
in the future is market share systems, which is Lotus’ 
coined term for extranets. “We term that as a convergence 
of the Internet and intranets,” Taylor says.‘“It’s really inte¬ 
grating the customer much more into the business 
processes to build that relationship, to get much closer to 
the customer and let them feel much closer to us. Building 
the relationship much more tightly and therefore getting 
up a competitive advantage rather than just having infor¬ 
mation out on the Net that people can access.” 


Taylor gives Dell and Federal Express as good examples 
of how companies can use this, where both have Internet 
sites in which the user can gain limited access to internal 
processes. 

“What Federal Express did was to build a system that 
allowed their customers to get into their system to track 
where their document or parcel was going,” Taylor 
explains. According to him, these types of processes will 
become the norm in the future as competitors find them¬ 
selves forced to match their level of interactivity. 

Taylor also believes that electronic commerce is a log¬ 
ical extension of market facing systems. “It’s going to be an 
area that people will have to get into,” he says. While exist¬ 
ing electronic commerce solutions are largely online 
shopfronts such as Amazon.com, the Internet-based book¬ 
store,Taylor believes that the real money lies in business to 
business commerce. “The business to end user is an area 
that will certainly grow and develop but it’s the business to 
business that Lotus and IBM will dominate,” he says. 

Lotus’ upcoming e-commerce solution is Domino. 
Merchant 2.0 Server Pack, which will extend Domino’s 
functionality by acting as the front-end to a transaction 
system. A large influence in this has been IBM, whose lat¬ 
est marketing blitz has been on increasing electronic 
commerce awareness. “We’ve taken a lot of their technol¬ 
ogy and put it in our product,” he says. “There’s a lot of 
cross fertilisation between the two organisations in the 
R&D area.” 

An example of Domino.Merchant 2.0 being used is 
with the New Zealand online bank, BankDirect. “It’s 
completely online, there is no retail shopfront, it’s all done 
via the Internet,”Taylor exclaims." That’s the way we see 
the market trending.” 

With all of these developments and with news of lay¬ 
offs in Lotus’ SmartSuite development team in the US, 
rumours started to circulate that Lotus will kill off the 
SmartSuite package. However, Taylor is quick to point out 
that SmartSuite will not be a victim. 

“No, Smart Suite 98 will be out next year and there’s 
continuing work going on,” he says. “It’s an area that we 
continue to focus on as it continues to be important to us 
and - it’s still out there.” 
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Using System Policy 

Templates 


Write custom policy templates to modify the registry 

by Douglas Frisk 


_E 


s a Windows NT systems administrator, part of 
your job is choosing the right tool to use for the 
job. One of the more versatile tools in NT is the 
System Policy Editor (SPE) because it enhances 
network administration. It lets an administrator configure 
the NT Registry either directly over the network, or by 
creating policy files that are applied to a computer’s 
Registry when a user logs on. But the SPE can modify 


only Registry entries for which a policy template exists. 

Fortunately, you can create custom policy templates 
easily. For a recent project, I spent a lot of time writing 
custom policy templates. During the process, I learned 
that documentation on writing templates is scarce and 
that you can write more straightforward templates than 
the ones NT provides. 

You can load templates into the SPE to configure 
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custom changes to most parts of the 
Registry. When you use the SPE instead of 
the Registry editor, you reduce the possibil¬ 
ity of accidentally damaging the Registry. 
You can easily make a mistake with the 
Registry editor, particularly if you need to 
set multiple values. But the SPE follows the 
actions you define in the policy template 
and always makes the same changes. 

Custom policy templates play a large 
role in Microsoft’s Zero Administration 
Initiative. The Zero Administration Kit 
(ZAK — available at http://www.microsoft. 
com/windows/zak) contains configura¬ 
tions for two sample end users: a task- 
based user who uses one task-based appli¬ 
cation (Taskstation) and a slightly more 
advanced user who has access to two or 
three line-of-business applications (App- 
station). What makes the Taskstation and 
Appstation configurations work is in large 
part custom policies. 

This article is not a tutorial on using 
the SPE. For this article, I assume you are 
comfortable using both the Registry editor 
and the SPE. Once you understand the 
format and the limitations of policy tem¬ 
plates, you can begin to apply them to suit 
your needs. We’ll look at several scenarios 
to get you thinking about how you can use 
these powerful tools. 

Policy Template Format 

By default, NT stores policy templates in 
the \%systemroot%\inf directory. Each 
policy template file has three major sec¬ 
tions: CLASS MACHINE, CLASS USER, 
and [strings].The CLASS MACHINE sec¬ 
tion defines which options will appear for 
a computer policy, and it affects Registry 
entries in HKEY_LOCAL_MACHINE. 
The CLASS USER defines which options 
are available in the SPE when you work 
with a user or group, and it affects Registry 
entries in HKEY_CURRENT_USER. 
Finally, the [strings] section defines string 
variables that you can use in the other two 
sections. Screen 1 shows the SPE in policy 
mode. Each user and group icon represents 
a set of configuration instructions based on 
the contents of the CLASS USER section 
of the loaded policy templates. Each 
machine icon represents configuration 


information based on the CLASS 
MACHINE section of the loaded policy 
templates. 

The major classes contain categories. 
Categories appear in the SPE Properties 
window as a book icon, as Screen 2 
shows.You use categories to break up the 
policies into a logical hierarchical view. 
For example, in the WINNT.ADM policy 
template that comes with NT 4.0, the 
top-level categories for the CLASS 
MACHINE section are Network, 
Printers, Remote Access, Shell, System, 
and User Profiles. Categories can contain 
either other categories (in WINNT.ADM 
for example, the System category is fur¬ 
ther subdivided into Logon and File 
System categories) or policies. 

When you write templates, you can 
refer to the format definitions for them 
from such sources as Microsoft’s Zero 
Administration Kit and the Windows 95 
Resource Kit (the NT policy templates 
are a superset of the Win95 templates). But 
some functions documented here (e.g., 
NoSort and ExpandableText) are not doc¬ 
umented elsewhere. 

When you edit a policy file or 
Registry with the SPE, policies appear in 
the top half of the SPE properties win¬ 
dow with a check box. The SPE has two 
modes: Registry mode and Policy mode. 
You use Registry mode to directly edit 
the Registry and Policy mode to create 
or modify policy files. In Registry mode, 
the policy checkboxes have two states: 
On and Off. In Policy mode, these 
checkboxes have three states: checked (or 
apply in an on state), unchecked (or apply 
in an off state), and greyed out (or ignore 
this policy). 

Simple yes/no-type policies don’t need 
to go any further. However, if the Registry 
data is more complex than you can handle 
with a simple yes or no answer, a policy 
can have several parts. With a multipart 
policy, you can use the additional parts to 
control multiple values when the policy is 
in an on, or apply, state. An excellent 
example of a large, complex policy is the 
color scheme policy that comes in the 
COMMON.ADM standard template. 
Here, you can choose from several options 


and, based on your 
choice, modify 25 
Registry entries. 

What's Up with 
the [strings] 

Section? 

The [strings] section defines text 
variables that you can use in other parts of 
the policy template instead of direcdy 
using the string. I’m not sure why you 
would want to do this, though. If you look 
at the policy templates that ship with 
NT and Win95, you see that Microsoft 
templates rarely use strings in-line in a 
template. These templates are full of lines 
such as CATEGORY! !VARIABLE_ 

NAME. Variables tend to make templates 
less readable and double the file size. For 
every reference to a !!VARIABLE_NAME 
in the CLASS MACHINE or CLASS 
USER section, you must have an equiva¬ 
lent !!VARIABLE_NAME=“ Variable 

Text” in the [strings] section. 

I prefer to put the text in-line in the 
template. In-lining the text makes the tem¬ 
plate shorter and easier to read. Unless I 
have a string that will appear more than 
twice in the template, I do not use string 
replacement variables. The clarity of the 
template more than makes up for any 
potential savings from using the variable 
instead of retyping the text. 

Policy Limitations 

Policy templates offer a convenient filter 
through which to view parts of the 
Registry. They have limitations, though. 
The Win95 Registry supports two data 
types in NT: variable-length string and 
binary. The NT Registry supports several 
other data types, but you can modify only 
the REG_SZ (string), the REG_ 
EXPAND_SZ (expandable string), and the 
REG_DWORD (4-byte integer) entries 
through system policies. 

Because policies do not support all the 
Registry data types, you cannot modify 
some Registry values. For example, you 
cannot write a policy to fix the replication 
bug in NT 4.0. Directory replication in 
NT 4.0 doesn’t work until you add a line 
to the Allowed paths value in 
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HKEY_LOCAL_ 
MACHINE\SYSTEM\ 
CurrentControlSetX 
ControlXSecurePipeServers 
\Winreg. Because this value 
s the REG_MULTI_SZ 
(multi-line string) type, the SPE can’t 
modify it. If you wrote a policy to modify 
this value, you might change the data type 
and cause unpredictable results. Luckily, 
most Registry entries are 
REG_SZ,REG_EXPAND _SZ, or 
REG_DWORD, which are the data types 
system policies support. 

The rest of this article details several sit¬ 
uations where no convenient user interface 
control exists for some feature in the 
Registry. For each situation, I explain how 
to create a policy template that lets you 
control an entry with the SPE. 


SCENARIO 1 


A System Policy for Controlling the 
WINS Proxy Flag 

WINS resolves computer names to IP 
addresses. However, some older network 
client software (e.g., LAN Manager 2.x) 
does not support WINS. For these clients, 
you can configure an NT machine to act as 
a WINS proxy agent on the local network. 
Looking for a server’s IP address, the non- 
WINS client will generate a broadcast on 
the local network. The WINS proxy agent 
will listen for these broadcasts, forward 
them to a remote WINS server, and return 
the desired server’s IP address to the non- 
WINS client. Having one WINS proxy 
agent on a segment with non-WINS 
clients can let these clients access resources 
that they ordinarily wouldn’t be able to. 
Having more than one WINS proxy agent 
on a segment or installing a WINS proxy 
agent on a segment that doesn’t have non- 
WINS clients will not increase functional¬ 
ity but will create additional network traf¬ 
fic. (For more information on WINS proxy 
agents, see David Lafferty, “Setting Your 
WINS Strategy,” page 68, and Mark 
Minasi,“WINS Proxy Agents,” page 147.) 

In NT 3.51, the network applet in 
Control Panel lets you control whether an 
NT machine acts as a WINS proxy agent. 




■ Screen 2: 
Enabling the Auto 
Logon policy 


■ Screen 1: 

Displaying the System Policy 
Editor in Policy mode 




3 Various Other Registry Sellings 

□ Logon Prompt 
^ H Password Warring 

Domain | CORPORATE _-| 
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■ Screen 3: 
Viewing the Enable 
WINS Proxy Agent 
policy 


In NT 4.0, this utility doesn’t exist. 
Microsoft removed it because you rarely 
need proxies. If you need WINS proxies, 
you can create a policy template to have 
the SPE control this function. 

The Registry entry that controls 
whether a computer will act as a WINS 
proxy agent is in HKEY_LOCAL_ 
MACHINE\SYSTEM\CurrentControlS 
et\Services\NetBT\Parameters. If you 
set EnableProxy to 1, the computer will 
act as a WINS proxy agent; if you set it to 
0, it won’t. 

Creating a policy is fairly straight¬ 
forward. Screen 3 shows how simple a pol¬ 
icy entry in a template can be. The first line 
begins with the keyword Policy. The name 
of the policy as it will appear in the SPE (in 
this example, Enable WINS Proxy Agent) 
comes next. The second and third lines 
specify the Registry key and Registry 


value this policy will modify. The 
KeyName keyword specifies all but the 
hive of the Registration key. The policy 
class defines the hive. If the policy is in the 
CLASS MACHINE section, the hive is set 
to HKEY_LOCAL_MACHINE. If the 
policy is in the CLASS USER section, the 
hive is set to HKEY_CURRENT_ 
USER. Because this value is in 
HKEY_LOCAL_MACHINE, this policy 
needs to be in the CLASS MACHINE 
section of the template. The ValueName 
keyword entry specifies the value. 

For this scenario, set the Registry value 
to integer 1 or 0. You aren’t limited to 
numeric values though.You can set the val¬ 
ues to strings, such as ValueOn “on” and 
ValueOff “off.” You can even delete an 
entry from the Registry with the ValueOff 
or ValueOn Delete statements. 

Remember, ValueOn 1 is not the same 
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■ Screen 5: 
Specifying the Change 
Log Size and 
Replication Governor 
policies 


as ValueOn Numeric 1. In the first case, the 
policy stores the value in the Registry as 
type REG_SZ (string); in the second, the 
policy stores the value as type 
REG_DWORD (integer). Accidentally 
storing a string value where the operating 
system expects an integer can cause unpre¬ 
dictable results (up to and including mak¬ 
ing your machine unbootable). 

You must include both a ValueOn and 
a ValueOfF statement for each policy you 
create. When you use the SPE in Registry 
mode, the SPE uses these statements to 
determine the current state of the 
Registry. If you don’t include them, the 
SPE can make an incorrect assumption 
and when you save your changes, uninten¬ 
tionally modify something you did not 
want to change. 

For example, consider the WINNT. 
ADM file that ships with NT 4.0. The first 


two policies in that file control whether 
NT will automatically create the adminis¬ 
trative (c$, d$, etc.) shares. As shipped with 
NT 4.0, these policies don’t have a 
ValueOn statement. If you edit the 
Registry with the SPE and don’t specify 
that you want the administrative shares cre¬ 
ated, NT will remove the administrative 
shares by default. Service Pack 3 for NT 
4.0 has an updated WINNT.ADM file that 
does not have this error. 

Because you should install a WINS 
proxy agent on only one or two machines 
per subnet, you might want to display a 
message in the SPE explaining the rules for 
using WINS proxy agents. You can use a 
Text part in the policy to display a line of 
text in the bottom half of the policy editor 
dialogue. Text parts only display informa¬ 
tion; they do not modify the Registry. 

Because the SPE will not break text 


lines and doesn’t have a 
horizontal scroll bar, 
take care to break the 
text fines at an appro¬ 
priate place. 

Unfortunately, trial and 
error is the only way to deter¬ 
mine the optimal fine breaks. 

I just described what you c 
with a simple yes or no policy. To accom¬ 
plish more, you must create a multipart 
policy. 



SCENARIO 2 


Automatic Logon 

Suppose you want to configure a machine 
as a publicly accessible information kiosk. 
In this case, you don’t want someone to 
be able to unplug and re-plug the power 
cable and get a logon prompt. You might 
consider using an automatic logon for an 
NT machine. This way, on power-up, the 
machine can automatically log on to the 
network and begin the kiosk application. 
You can’t configure automatic logon 
through the standard user interface, so you 
must create a policy to configure auto¬ 
matic logon. 

For an automatic logon to function, 
you must set four values in the Registry. In 
HKEY_LOCAL_MACHINE\SOFTWA 
RE\WindowsNT\CurrentVersion\WinL 
ogon, set AutoAdminLogon to 1. Then, set 
DefaultUserName, DefaultPassword, and 
DefaultDomain to valid values. 

Given this information, you want to 
create a policy that, when selected, requires 
the user to enter a value for the three logon 
values. Additionally, because Default 
Password is stored in clear-text, when this 
policy is unselected, you’ll want to delete 
these values from the Registry entirely. 

Screen 4 shows the policy for this sce¬ 
nario. Notice that the policy does not 
specify KeyName. The policy inherits its 
KeyName from the category, and the parts 
of this policy inherit their default 
KeyName from the parent policy. This 
behaviour is standard; if the KeyName 
is not defined for a category or policy, it is 
inherited from its parent category or class. 

Note also that when you un-select this 



















policy, the policy deletes 
all four values from the 
Registry. The policy 
deletes the AutoLogon 
value in the ValueOfF state- 
lent and uses an 
ActionListOff statement to delete the 
other three values. Again, you must include 
the ValueOn and ValueOfF statements in 
each policy so the SPE can determine the 
current state of the Registry when operat¬ 
ing in Registry mode. You can configure 
the Domain part of this policy as a combo 
box (as I’ve done) instead of simple text. 
This approach lets you offer suggestions 
but still lets users enter whatever they 
want. The Maxlen parameter in the 
Domain part also prevents a user from 
entering a domain name longer than 15 
characters. I’ve also made Username, 
Password, and Domain required so that if 
users select the automatic logon policy, 
they must enter a username, password, and 
domain in the SPE. After all, if you were 
able to turn on automatic logon and then 
leave the username, password, or domain 
field blank in the policy, the automatic 
logon wouldn’t know what these values 
were and would fail. 


SCENARIO 3 


Domain Controller Functions 

When a Backup Domain Controller 
(BDC) pulls changed security accounts 
database information from the Primary 
Domain Controller (PDC), the BDC 
checks the Replication Governor parame¬ 
ter to determine how much network 
bandwidth to use. By default, this traffic 
can take up to 100 per cent of the network 
bandwidth and affect an end user’s ability 
to access resources. On the other side, the 
PDC maintains a fist of account changes 
that have not been replicated to the BDCs. 
By default, this log (\%systemroot%\nedog 
on.chg) size is 64KB. 

If you reduce the value in the 
Replication Governor parameter, you can 
end up with more account changes waiting 
to be replicated than space available to hold 
them in the netlogon.chg file. In this case, 
NT marks the PDC for full database syn¬ 



chronisation and sends the full accounts 
database to the BDC (in a large organisa¬ 
tion, perhaps 40MB), instead of sending 
only the changed account data. If you 
throtde back the Replication Governor on 
the BDCs, increase the size of the change 
log on the PDC. Because this increase car¬ 
ries no performance penalty, always 
increase the size of the change log. 

Because these values affect only 
domain controllers, the user interface does¬ 
n’t include controls to manage them. But, 
you can create policies that will let you set 
these parameters. 

First, you need to adjust the 
Replication Governor parameter. This 
value is stored in HKEY_LOCAL_ 
MACHINE\SYSTEM\CurrentControlS 
et\Services\NetLogon\Parameters as the 
Replication Governor value. Because this 
value is a numeric percentage, valid values 
range from 0 to 100. In the example pol¬ 
icy in Screen 5, the Replication Governor 
parameter has a minimum value of 0, a 
maximum value of 100, and a default 
value of 100. 

When you define a part as numeric, the 
SPE puts spin buttons (the small stacked 
buttons that let you adjust a numeric value) 


to the right of the input field. The default 
increment for the spin button is 1 .You can 
use the spin x keyword if you want to 
increment or decrement the spin control 
by more than 1. If you want to remove the 
spin control entirely, use spin 0. 

How about the change log size? A cou¬ 
ple of factors make using a simple numer¬ 
ic input type impractical. First, the change 
log can be as small as 64KB or as large as 
4MB. Also, the change log size must be a 
multiple of 64KB. To top it off, NT must 
store the size as the total number of bytes. 
To prevent the user from entering an 
invalid value, use a drop-down menu, as the 
policy template in Screen 5 specifies and 
the window in Screen 6 shows. 

Typically, when you use the SPE, items 
in a drop-down menu appear canonically. 
In the case of the policy you see in Screen 
5, this type of organisation would cause 
the SPE to display the entries out of order. 
I used the NoSort keyword to force the 
SPE to display the fist in the same order as 
is in the template file. In Registry mode, 
the SPE will compare the current value in 
the Registry with the values in the list and 
display the appropriate name in the list 
box by default. 



















■ Screen 8: 
Setting the Internet 
Explorer 3.x policy 



SCENARIO 4 


Controlling the User Environment 

When you type a universal resource locator 
(URL) into Internet Explorer (IE), the soft¬ 
ware remembers the typed URL and stores 
it in a drop-down menu in the address con¬ 
trol. If you are an IS manager in a large 
company, you can customise the links IE 
displays in the address drop-down menu to 
include several company-specific sites. 

You can go to each machine in your 
organisation and manually enter the 
URLs, but that approach is time con¬ 
suming. Instead, you can create a policy 
that will let you add links to this list. The 
list of URLs in the address drop-down 
menu is in HKEY_CURRENT_USER\ 
SOFT WARE\Microsoft\Internet 
ExplorerXTypedURLs. NT stores each 
URL with the value name urlx, and the 
data is the URL, as Screen 7 shows. 

For all the formats we’ve looked at so 
far, the Registry key and value that the 
template modifies are fixed when you 
write the poficy.With the ListBox part, you 
specify only the Registry key, not the 
value. The data you enter in the policy 
determines the value. 


Because the value names are all of the 
format urll, url2, etc., I used ValuePrefix 
“url,” as the policy template in Screen 8 
shows. This command makes the policy 
add the data from the policy into the 
Registry in the expected format. 

Because you don’t want to delete the 
user’s favourite sites, the Additive keyword 
is important. This variable tells the policy to 
add the information to any existing values 
in the Registry. Without the Additive key¬ 
word, the policy will delete existing values 
and insert the entries from the policy tem¬ 
plate. Without the Additive keyword, users 
lose typed URLs each time they log on. 


SCENARIO 5 


File Associations 

You don’t need to specify a prefix using the 
ListBox part. Using ExpHcitValue, you can 
enter the value and the data. For example, 
consider a policy that modifies 
HKEY_CURRENT_USER\SOFT- 
WARE\Microsoft\WindowsNT\Current 
VersionXExtensions. Here, NT stores user 
preferences for file associations, as Screen 9 
shows. This poficy lets a user specify the 
application associated with a file extension. 


A standard way for 
enforcing standards for 
users’ file associations 
on an NT network 
does’nt exist. But, you 
can create a poficy. 

If you want to regi 
companywide preference 
must specify the extens: 
value, and program as the data. Instead of 
ValuePrefix, use Explicit Value, which will 
let you enter both the value and data. 
ExplicitValue and ValuePrefix are mutually 
exclusive; you cannot use them together. 
You can leave both out of the template, in 
which case the poficy will use the data for 
the value name. 

In the example poficy in Screen 10,1 
used the Additive keyword so that when I 
apply the poficy, I don’t use the user pref¬ 
erences that the poficy doesn’t affect. 
However, if duplicate value names exist in 
the Registry and the poficy, the poficy 
replaces the value that is already in the 
Registry. For example, if a user has set the 
.doc extension to be associated with 
WordPerfect 5.1 and the poficy is config¬ 
ured to associate .doc files with Word 97, 
the poficy will overwrite the user prefer¬ 
ences, ensuring a consistent organisational 
standard. 

Wrapping It Up 

The SPE is a powerful systems administra¬ 
tion tool. But, it is only as powerful as the 
poficy templates you use with it. I have 
shown you how to create a poficy template 
that lets you control almost any aspect of 
the computers in your organisation. 
Creating custom templates costs extra up 
front, but the speed and safety of using 
policies and the SPE to modify Registry 
parameters recovers those costs rapidly. □ 
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any network admin¬ 
istrators wrestle 
with how to employ 
effective Windows 
Internet Name Service (WINS) server 
strategies. Administrators typically ask 
questions about running WINS in small 
and large environments, determining an 
effective number of servers, using WINS 
with Novell NetWare clients, and securing 
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■ Screen 1: 

Using the Replication 
Partners screen to 
configure WINS on at 
least two servers 


WINS against unauthorised access. Before 
I get into the questions I see most fre¬ 
quently, let’s review the history of name 
resolution and how we arrived at WINS. 
(If you can’t wait to learn the answers, see 
the sidebar “To WINS, or Not to WINS,” 
page 70, for a few hints.) 

A Brief History 

Once upon a time, network administrators 
jumped through two hoops to perform 
name resolution on Microsoft-based, 
TCP/IP networks. The first hoop was 
Domain Name System (DNS)—not a big 
deal for UNIX savvy administrators famil¬ 
iar with HOSTS files and DNS namespace 
on the server. But maintaining static 
addresses and names for hundreds of nodes 
on many DNS servers causes network 
administrators to think twice. As a de facto 
standard for Internet naming, all networks 
used DNS. Properly configured, DNS lets 
TCP/IP-based applications communicate 
on the network. 

The next hoop was to let Microsoft- 
based clients share files and printers. 
Beginning with LAN Manager, Microsoft 
built name resolution on NetBIOS. In 
NetBIOS networks, computers broadcast 
their local, unique NetBIOS name on the 
network — a fundamentally different 
approach compared to the connection- 
oriented nature of TCP/IP. In small, 
bridged environments, NetBIOS’s perfor¬ 
mance was great in terms of network 


throughput (albeit with high bandwidth 
utilisation). 

However, as networks grew and 
TCP/IP forged ahead into large, segment¬ 
ed, routed networks, NetBIOS had to 
adapt. Because it is a broadcast protocol, 
you can’t route it. So Microsoft gave us the 
LMHOSTS file, the NetBIOS equivalent 
of a TCP/IP local HOSTS file. 

LMHOSTS maps NetBIOS names to 
IP addresses so that clients can share files 
and printers in routed networks. However, 
as with the HOSTS file, local administra¬ 
tion on each workstation was a nightmare, 
if not impossible. Although LMHOSTS 
supported references to centralised files, it 
simply wasn’t enough. 

Jump ahead to Windows NT 3.5 and 
the introduction ofWINS. It provides two 
important functions. It performs dynamic 
resolution of NetBIOS names to TCP/IP 
addresses, and it reduces name resolution 
broadcasts by setting up computers as H- 
nodes, which lets the computers directly 
reference the WINS server for name 
lookup. If WINS is unavailable or the 
name isn’t in the database, WINS resorts to 
a broadcast. WINS and DNS effectively 
serve the same purpose. 

Now you know what WINS does. Let’s 
address administrators’ concerns about how 
to employ WINS in today’s environments. 


Slim Environments 

“I support a small 20-node network run- 




































ning NT and Windows 95. Do I need 
WINS?” 

Organisations with small networks or 
branch offices previously avoided the 
complexity of TCP/IP administration. 
They selected easier-to-support protocols 
on local networks, such as NWLink and 
IPX/SPX. Now that Internet connectivi¬ 
ty has become the norm, priorities have 
changed. 

Yet, many administrators still mistaken¬ 
ly believe that only large TCP/IP net¬ 
works need WINS. If your organisation 
supports numerous small sites with mini¬ 
mal administrative or technical support, 
WINS makes sense. (Even from an admin¬ 
istrative standpoint alone, WINS makes 


When deploying NT networks in small 
locations or locations with minimal onsite 
support, consider employing WINS on the 
site’s high-performance domain con¬ 
trollers. These machines offload overhead 
from dedicated high-user file servers. 

However, sites using a single server for 
domain control and file and print sharing 
obviously need WINS on the primary file 
server. In these situations, WINS won’t add 
much overhead because you have fewer 
workstations, and changes to IP addresses 
and name changes are probably minimal. 

In addition to identifying the best 
WINS distribution on your site’s servers, 
you must also decide the importance of 
WINS name resolution to that site. If the 
primary WINS server goes down or 


becomes unavailable, TCP/IP network 
communication can become difficult. 
Even machine browsing with the 
Network Neighborhood is difficult with¬ 
out WINS functioning in a pure, multi- 
segmented TCP/IP network. You could 
simply define LMHOSTS files on each 
workstation to work around the downed 
WINS server, but that brings you back to 
onsite support issues. 

For this reason, configuring WINS on 
at least two servers for each location is a 
good idea. Here’s how to designate one 
server as the primary WINS server: In 
WINS Manager, click on the Server menu 
and then click Replication Partners. On 
the Replication Partners screen shown in 
Screen 1, enter the machine name and IP 
address of the secondary or backup WINS 
server. This configuration adds the backup 
server as a replication partner and lets both 
WINS servers exchange updates of their 
WINS databases. 

In environments with numerous small 
sites connected by slow WAN links, plac¬ 
ing a WINS server in each location mini¬ 
mizes name resolution traffic over the 
WAN. But as your environment grows and 
WINS traffic increases, you must monitor 
name resolution requests across the net¬ 
work and plan to consolidate WINS 
servers to locations that warrant increased 
name resolution services. 

Too Much of a Good Thing 

“My environment has two WINS servers 
for each group of 10 clients. Is this WINS 
strategy a solid approach?” 

Sites with thousands of nodes in multi¬ 
ple, connected locations often have too 
many WINS servers. Effective WINS plan¬ 
ning means maximising the availability of 
WINS servers to clients, not maximising 
the number ofWINS servers. In addition, 
you need to be aware of the replication 
demands between each WINS replication 
partner. Based on an average of three data¬ 
base changes per hour on each WINS 
server, replication traffic can create a sig¬ 
nificant amount of network chatter, possi¬ 
bly up to 8 percent in an eight-hour day, 
according to a presentation by Microsoft’s 
Wally Mead at Microsoft Tech-Ed 1997. 

Effectively managing WINS in large 
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environments entails three major steps: 

1. Determine the effective number of 
required servers. Running more than two 
WINS servers for each 100 to 200 nodes 
probably overloads the system. This fact is 
especially true when all workstations con¬ 
nect in a single LAN. Keep in mind that 
several factors affect the capability of a sin¬ 
gle WINS server. These factors include 
server hardware, network link speed, and 
volatility ofWINS database changes. 

To determine whether you have 
the appropriate number of servers, use the 
NT Performance Monitor (Perfmon. 
exe) to track CPU utilisation, bytes per 
second for the network interface, and 
queries per second for the WINS server. If 
any counter consistently reports high util¬ 
isation, your environment may require 
additional WINS servers. However, if these 
counters indicate little to no activity, con¬ 
sider eliminating or relocating these 
underutilized WINS servers. 

2. Determine geographical placement of 
the servers. Having multiple WINS servers 
on a single segment does not result in a 
huge boost to name resolution perfor¬ 
mance. WINS really shines in its ability to 
better service requests across routed seg¬ 
ments, especially in a WAN environment. 
To minimise your dependency on slow 
WAN links for name resolution traffic, you 
can locate WINS servers in strategic geo¬ 
graphical locations. For example, in a mul¬ 
titiered network, your servers may reside 
on routed segments for the Northeast. 
Localising WINS servers on the Northeast 
segments aids name resolution and reduces 
the need for WINS servers defined for 
other regions to resolve names. Also, to 
increase performance, you will want to 
place WINS servers on segments with high 
broadcast traffic. This strategy facilitates 
regional name resolution without WINS 
traffic traversing an excessive number of 
network segments. 

3. Control replication intervals. Three 
settings manage WINS replication traffic: 
Update Count, Replication Interval, and 
Start Time. The Update Count determines 
the number of record updates that must 
occur in the WINS database before the 
WINS server notifies its partners that 
replication updates exist. Depending on 


the volatility of name changes in your 
environment, increasing the Update 
Count reduces the number of replication 
notifications that the server sends. 
(However, name resolution failures may 
occur because WINS name changes will 
take longer to reach partner WINS 
servers.) 

Here’s how to increase the Update 
Count: in WINS Manager, click the 
Options/Preferences menu and then click 
Partners. When you see the Preferences 
screen shown in Screen 2, click Update 
Count. 

Instead of increasing the Update 
Count, you can simply increase the 


Replication Interval. WINS sets the 
default Replication Interval to every 
30 minutes. This means that once WINS 
notifies replication partners that updated 
records exist, partners pull replication 
records in 30 minutes. You need to adjust 
this value consistently across all WINS 
replication partners, and you need to con¬ 
trol the time of day when replication 
events occur. 

If your environment must increase its 
Replication Interval, time the updates to 
occur during off-hours—especially with 
WINS servers across WAN links. To set the 
Replication Interval, click Replication 
Interval on the Preferences screen and enter 



■ Screen 2: 
Changing the Update 
Count on the Pref¬ 
erences screen 



■ Screen 3: 
Using the Static 
Mappings menu to 
improve name 
resolution 
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an interval in the HH:MM:SS format. 

In large environments, administrators 
often configure WINS servers in a multiti¬ 
er hierarchy. You may need to configure 
Replication Intervals so that changes cas¬ 
cade to partner WINS servers appropriate¬ 
ly. In other words, you want to ensure that 
WINS replicates record updates from serv¬ 
er A to server B and then from server B to 

Mixed Environments 

“Our network consists of NT application 
servers with mostly NetWare clients. How 
can I set up WINS?” 

Mixed networking environments are 
today’s norm.Yet many such environments 
don’t necessarily warrant the use ofWINS. 
For example, one of my customers only 
recendy began to upgrade 400 worksta¬ 
tions from Windows 3.11/ 
NetWare 3.x to Win95. In this environ¬ 
ment, the company deployed NT servers 
for SQL database applications, but 
NetWare 3.x and 4.x. systems were the pri¬ 
mary file-and-print networks. Except for a 
handful of NT clients, all the client work¬ 
stations ran Windows 3.11 with a 16-bit 
Novell client stack, so WINS servers did 
not benefit this company.The Novell client 
implemented both a 16-bit IPX and 
TCP/IP stack, so NetBIOS name resolu¬ 
tion wasn’t a factor or requirement. 

Other environments also use 
NetBIOS-dependent transports. Such 
environments include IBM LAN Manager 
or Digital Equipment Pathworks. Client 
workstations that can’t recognise WINS 
servers directly can still take advantage of 
WINS dynamic name resolution, using 
WINS proxy agents. A proxy agent can be 
any NT or Win95 client workstation con¬ 
figured to access a given WINS server. 

Proxy agents accept broadcasts from 
non-Microsoft clients and forward the 
requests to the WINS server. Rather than 
maintain a WINS database, you can use a 
proxy agent that essentially gives the B- 
node client access to its local name cache 
for a given period. If you want to use proxy 
agents, clients must comply with Request 
for Comments (RFC) 1001 and RFC 
1002 and conduct B-node (broadcast) res¬ 
olution. 


WINS proxy agents are also helpful in 
large organisations where several Microsoft 
clients run TCP/IP but do not access a 
WINS server. These agents use broadcasts 
rather than directed resolution requests to 
a WINS server. Employing a proxy agent 
on subnets can help reduce the need to 
implement additional WINS servers. 

Static mappings are another method to 
improve name resolution in mixed envi¬ 
ronments. Static mappings are permanent 
entries in the WINS database for specific 
machines. This solution incorporates non- 
Microsoft hosts into the WINS database, 
which improves name resolution perfor¬ 
mance. 

Here’s how to add a static mapping: In 
WINS Manager, click the Mappings menu 
and then click Mappings. When you see 
the Static Mappings menu shown in 
Screen 3, enter the name and IP address for 
the given server. 

Static mappings also help in small, 
mixed environments; however, you must 
document your network configurations. 
This documentation helps in the case of 
changed IP addresses. 

Secure Environments 

“I maintain classroom networks that 
require isolation from my production net¬ 
work. Could WINS compromise security?” 

In organisations that require a high secu¬ 
rity level on various local networks, admin¬ 
istrators may not want to configure clients 
for WINS access. When you need to isolate 
workstations in classrooms, for example, you 
may want to prevent users from accessing 
corporate network resources. Yet, instructor 
machines might require full network access. 
In this situation, not defining WINS servers 
on the classroom clients ensures that you 
protect resources. 

You need to make sure that you do not 
select the option to enable DNS 
for NetBIOS name resolution. This option 
lets NetBIOS clients resolve hosts defined 
in the DNS server that is specified in the 
client’s network settings. The instructor, in 
contrast, can configure a local LMHOSTS 
file with the required server names for 
NetBIOS resolution. 

Keep in mind that denying WINS only 
makes it more difficult to get file-and-print 


access to NT resources. You still need 
monitor access through TCP/IP servic 
such as FTP and HTTP. Technically sa\ 
users can issue the NET SEND comma 
and specify the IP address for the resou 
to connect to resources from an NT co 
mand prompt. 

The End of WINS? 

WINS does a great job of minimising t 
administrative complexities of NetBI( 
naming while providing improved perfi 
mance for NetBIOS clients. That’s w 
Microsoft originally designed WHS 
Obviously the value of these bene 
increases in direct relation to the size a 
complexity of the network environmen 

Because the upcoming release of h 
5.0 replaces NetBIOS with DNS nat 
resolution lookup, WINS will provide oi 
legacy support for NT 3.51 and 4.0 n 
works. Without WINS’s NetBIOS depe 
dencies, administrators will not ne 
WINS except for interoperating with F 
4.0-based networks. 

Instead of designing new tools to su 
plement NT’s strengths, Microsoft is mo 
ing toward industry-standard methods f 
common services such as logon authen 
cation and name resolution. For this re 
son, NT is sure to become a strong 
Internet and enterprise network player, 
the meantime, understanding when ai 
how to implement WINS not only in 
proves the reliability of your NT networl 
but also provides stability as you prepa 
for the eventual integration with ar 
upgrade to NT’s next release. 



■ ( ABOUT THE AUTHOR ) ; 

David Lafferty is a senior consultant and MCSE/MCT, 
with Metamor Technologies in Chicago, USA, a 
Microsoft Solution Provider/ATEC specialising in 
helping customers transition from legacy systems to 
todays technology solutions. You can reach him at 


www.winntmag.c 








subscribe NOW to Windows NT 


SAVE more than 20% on newsstand prices. 



Receive Windows NT magazine every month and save. You will have access to tips and hints, 
as well as the best writers in the world on Windows NT. We will deliver, right at your desk, 
the most comprehensive information on Windows NT products and services along with Back 
Office information. 


rich of the following job titles most closely 
hes your position? 

Managing Director. Owner. 

Manager 

Data Communications. Network 
Manager 
LAN Manager 
Microcomputer Manager 
i MIS Manager 
i EDP/DP Manager 
' Project Manager/Group Leader 

I Engineer/Architect 

’ Accountant/Finance Officer 
0 Programmer/Systems Analyst 

II Consultant/Adviser 

12 Other computer department 
employee 

13 Educator 

14 Sales Representative 

15 Office Administrator 

16 Student 

17 Other professional 

18 Other (please 
specify) 


□ 6 Communications 

□ 7 Computer 

Retailer/Reseller/Consultant 

□ 8 Finance. Banking. Insurance 

□ 9 Research & Development 

□ 10 Engineering/Architecture 

□ 11 Manufacturing (non-computer) 

□ 12 Retail (non-computer) 

□ 13 Publishing/Media 

□ 14 Health 

□ 15 Legal 

□ 16 Armed Forces 

□ 17 Other (please 

specify) 

3. How much IT equipment do you anticipate 
being involved with the purchase of during the 
next 12 months at work? (Please include all 
hardware, software, peripherals, connectivity 
equipment and consumables) 

□ 1 None □ 6 $50.000-$99.999 

□ 2 $1 -$999 □ 7 $100.000-$249.999 

□ 3 $1,000-$4.999 □ 8 $250,000-$499.999 

□ 4 $5.000-$9.999 □ 9 $500.000-$999.999 

□ 5 $10.000-$49.999 □ 10 $1,000,000+ 


'hat is your organisation's primary business 
rity? 

1 Government Utilities 

2 Agriculture. Mining. Oil 

3 Transportation 

4 Construction 

5 Computer Manufacturer/Distributor 


4. How many microcomputers are you directly 
responsible for at work? 


□ 1 None □ 6 100-499 

□ 2 1-9 □ 7 500-999 

□ 3 10-19 □ 8 1000-999 

□ 4 20-49 □ 9 2000-4999 

□ 5 50-99 □ 10 5000+ 


To receive next month's issue of Windows NT Magazine, your subscription 
application needs to reach us before the 10th of this month. 



ONLY TO BE FILLED OUT IF COUPON IS MISSING 

□ Please send me 11 issues of Windows NT for $59.95 

□ Please send me 22 issues of Windows NT for $100.00 
Mr/Mrs/Miss/Ms 

Company 

Address 

Suburb State 

Postcode 

Phone ( ) Fax( ) 


Enclosed is my cheque/money order for $.payable to 

DWR Publishing OR charge my credit card ED Diners Club 
ED Bankcard Visa Cl Mastercard EH American Express 


Cardholder's Name 



Cardholder's Number 

uuuu uuu 

nnr 

□□□□ 

Cardholder's Signature 


Expiry date 


Fax coupon to (02) 9909 3530 or mail to {reply paid 31) 
PO Box 85. Cremorne. 2090 with credt card details. 























1X11010101.01100111010 110101 Cl 010101 


by JENNIFER HARRISON 


sing Systems Management Server (SMS) to automate an enter¬ 
prisewide upgrade to Windows NT or Windows 95 will save you 
ae, resources, and money. And the time gained with automation 
gives you more time to look after exceptional cases. But the success 
of your upgrade clearly depends on one key step: planning. Too many times, system 
administrators cite lack of time and resources as reasons for skipping this step. But 
the complexity of SMS makes planning mandatory. For a successful deployment, 
you must have a clear picture of the end result and the steps to get there. 

Successful deployment depends on knowing how SMS works, in addition to 
becoming familiar with the Win95 and NT operating system setup programs. SMS 
provides the delivery mechanism, and it drives the 
standard operating system installation routines. To 
automate an upgrade, you must supply the appropri¬ 
ate setup answer files. For Win95, those files are 
msbatch.inf, netdet.ini, apps.inf, wrkgrp.ini, 
automate.inf, custom.inf, and setuplog.txt. For NT, the 
file is nt4.txt. 


software 

distribution 

with 


Preliminary Considerations 

Before you begin, you need to know which operating 
systems SMS lets you upgrade: MS-DOS 5.0 or later, 

Windows 3.lx, andWindows for Workgroups (WFW) 

3. lx to either Win95 or NT. SMS does not allow an 
automatic upgrade from OS/2, and you cannot 
upgrade Win95 to NT 4.0. In these cases, you must perform a manual installation. 

Networked Windows installations also require special handling. If you have a 
networked Windows version and want to use SMS to upgrade, consider rolling 
back to MS-DOS before you upgrade. 

If your environment has any dual-boot computers, you must choose the 
operating system under which you want to install the SMS client, and make that 
OS your primary one. SMS client functionality will not be available under the 
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planning is the key to success 
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References for Planning an Upgrade 


To help you plan an upgrade, check out the following sources: 

• Microsoft Systems Management Server Web page at http://www.microsoft. 
com/smsmgmt. It contains several sources for installing Win95 and NT, and Microsoft 
regularly updates this information. 

• White papers at http://www.microsoft.com/smsmgmt/upgradeos.htm: "Installing and 
Upgrading Operating Systems using Systems Management Server" 

"Advanced Operating System Installation using Systems Management Server" 

"Using Systems Management Server to Deploy Windows 95" 

• Resource kits for NT Workstation and Win95 deployment guides. Deployment guides exist 
for both NT Workstation and Win95. These documents go further in identifying potential 
pitfalls and give step-by-step scenarios and examples. 

TechNet contains the latest bulletins, white papers, and Knowledge Base articles. The 
Knowledge Base is also available at http://www.microsoft.com/kb/default.asp. 

don't have SMS and you want a product overview, download the SMS Planning 
Guide from http://www.microsoft.com/smsmgm1/planguide.htm. 


| • TechNet i 

Knowledj 

I • If you dor 
Guide fro 


secondary operating system. 

To ensure successful automation of 
your new OS rollout, you must plan it 
carefully. The following five steps are cru¬ 
cial in any SMS upgrade plan. (For more 
information on planning an upgrade using 
SMS, see the sidebar, “References for 
Planning an Upgrade.”) 

STEP 1 

Identify Client Configurations 

Both Win95 and NT allow for multiple 
configurations. To begin planning an 
upgrade, you must identify the configura¬ 
tions in your existing environment and 
identify your clients’ optimal configura¬ 
tions. You will use this information for 
testing and for automating or customising 
the setup. Here is a checklist of items 
to consider: 

Setup. Decide the extent to which you 
let users set up and configure their envi¬ 
ronments during initial installation. For 
example, do you want users setting up the 
Microsoft Exchange mailbox using the 
Exchange wizard, or do you want to fully 
automate the setup? 

Networking Options. Determine the 
default protocol (e.g., TCP/IP, IPX). 
Determine what redirector you will install 
(e.g., Microsoft Client for Windows 
Networks, Microsoft Client for NetWare 
Clients, Novell Client 32). Decide which 


Services you need to install (e.g., Simple 
Network Management Protocol - SNMP 
- Agent, Remote Access Service - RAS, 
NetWare Client Services). 

Security. Note which users have access 
to their hard disk. (Locked-down worksta¬ 
tions will require special consideration, and 
you may need to upgrade them manually.) 

Policies. Integrate current and future 
policies into your test plan. 

Profiles. Establish any user or hardware 
profiles. (For information on user profiles, 
see Drew Heywood, “Windows NT User 
Profiles,” October 1997. 

Applications. Identify which applica¬ 
tions are local and which are remote. What 
applications run locally on all desktops? 
What applications run from the server? Do 
you have applications that require open 
database connectivity (ODBC)? 

After you have considered all these 
points, use them to create a specification 
for each operating system and configura- 
tion.The specifications need to match your 
current environment or become a plan for 
your ideal environment. 

STEP 2 

Identify Target Computers 
and Software 

An accurate and complete list of target 
computers (those you want to upgrade) 
in the SMS database is essential for a 


successful upgrade. Take the following 
steps to compile an accurate list of target 
computers: 

• Verify the integrity of the SMS data¬ 
base. Before you query the SMS database 
for target computers, make sure you have 
an up-to-date computer inventory. In¬ 
crease hardware inventory collection fre¬ 
quency to once daily. Use logon scripts to 
collect inventory at logon or when the user 
runs runsms.bat. Drop outdated computers 
from the database. Tip: If the database con¬ 
tains questionable information, you need 
to delete the site history files (*.hms). You 
can find these files in sms\site.srv\inventry. 
box\history. When you delete site history 
files, you do not compromise the database’s 
integrity; instead, you ensure that complete 
Management Information Format (MIF) 
files are passed to the database. 

• Verify hardware compatibility. You can 
use the SMS query function to list com¬ 
puters that meet the new operating sys¬ 
tem’s minimum hardware requirements 
and those that do not. At a minimum, your 
query must identify processor name, 
amount of RAM, available hard disk, dis¬ 
play type, and network card. Also check for 
client computers that are not on 
Microsoft’s Hardware Compatibility List 
(HCL). You may want to exclude these 
computers to avoid potential problems. 

• Verify software compatibility. Some 
programs will run under the new operat¬ 
ing system but will cause an installation to 
fail if they run during the upgrade. For 
example, many virus-checking terminate- 
and-stay-resident (TSR) programs run 
after you install Win95, but you need to 
stop or remove them before you upgrade. 
SomeTSRs are incompatible withWin95, 
but Win95 Setup will remove these TSRs 
from Autoexec.bat. Also, several applica¬ 
tions are not compatible with Win95. 
Determine software incompatibilities 
before you run the upgrade. You can ask 
software manufacturers whether they have 
released an upgrade. 

To help you verify incompatible ap¬ 
plications and TSRs, check out the pro- 
grams.txt file included with Win95. Tip: 
When upgrading WFW to NT Work¬ 
station, having 32-bit file access and disk 
access enabled will cause NT Setup to 
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hang. To disable 32-bit file access, edit the 
system.ini file and comment out the fol¬ 
lowing lines from the [386Enh] section: 

device=vfat.386 

device=vcache.386 

To disable 32-bit disk access, edit the sys¬ 
tem.ini file and comment out the 
following lines from the [386Enh] section: 

device=*BLOCKDEV 

device=*PAGEFILE 

device=*int13 

device=*wdctrl 

STEP 3 

Lab Testing 

Ensure that you allocate adequate time, 
hardware, and people to testing. Focus on 
these three areas: automation and un¬ 
attended scripts, lab testing on target 
hardware, and software testing for 
compatibility. 

Scripts. Use the specifications you cre¬ 
ated in Step 1 to identify the installation 
scripts you need to create and test. Ask 
yourself the following questions: do you 
need to configure an application after you 
install it? Can you automate that configu¬ 
ration? Do you need to add or remove any 
applications or desktop icons installed by 
default? Do you want to add your compa¬ 
ny logo to the wallpaper? Tip: If you’re 
creating a fully automated installation 
script, you can modify the SMS Help 
Desk Options to enable remote control by 
default. See the Microsoft Knowledge 
Base article Q122399, “Enabling Help 
Desk Options for MS-DOS Clients,” for 
details,http://www.microsoft.com/kb/art 
icles/ql22/3/99.htm. You also can estab¬ 
lish different user profiles for different 
departments. 

Target Hardware. Establish a test envi¬ 
ronment that simulates your environment 
with typical target clients and operating 
systems. If possible, back up several real 
clients and restore their images on your test 
computers. You can use the clients’ specifi¬ 
cations to derive a testing goal. Tip: Don’t 
immediately attempt a fully automated 
installation. Start by testing a simple 
upgrade without customisation. Once you 


achieve basic functionality, you can add 
customised scripts or changes. 

When testing, you must use the same 
operating system distribution media that 
you will use for the real upgrade. 
Differences exist between standard retail 
versions of an operating system, OEM ver¬ 
sions, and special versions that come with 
Microsoft Developer Network or 
Microsoft BackOffice. The special releases 
might have setup restrictions that can cause 
your upgrade to fail. As testing progresses, 
write down the test scenarios (client hard¬ 
ware and software configurations, the batch 
files or scripts used, etc.) and the results. 

Software Compatibility. In the test 
environment, you need to upgrade every 
variant of your clients’ operating systems, 
including any patched versions. After 
upgrading the test machines, test every 
local and network application. Check for 
software conflicts, and ensure that the SMS 
client components work correctly. 

When a software conflict exists, try one 
of these three options: 

• Remove computers with incompatible 
software from the machine group, and 
upgrade them manually. 

• Write and run a script that removes or 
stops the incompatible item before the 
upgrade. 

• Build separate target machine groups 
for users with specific needs. For example, 
if outside contractors have security restric¬ 
tions, they can receive a different installa¬ 
tion from full-time employees. 

STEP 4 

Pilot Testing 

A pilot test is a check against lab testing. 
Even if you achieved successful test results, 
you still need to conduct a pilot test. A 
pilot test establishes a real production 
environment with a small set of computers 

This test is your first contact with users, 
and they will introduce a new set of vari¬ 
ables. Try to select technical users and flex¬ 
ible novice users.Technical users might not 
cause errors like a non-technical user 
would, but these users help identify net¬ 
work challenges, such as servers not 
responding or installation scripts not run¬ 
ning correctly. Novice users will help you 


identify unclear parts of your process. 

Choose a variety of hardware configu¬ 
rations, and select a diverse group of users. 
For example, you might want to include 
client configurations you left out of your 
test environment testing. You might also 
decide to have a technician on site during 
an upgrade to help with problems. 

Last but not least, communication is a 
vital factor in successful deployment (e.g., 
management might need to know that 
you must install some client computers 
manually). Inform users of the SMS logon 
script processing, and define Package 
Command Manager for them. Teach users 
how to use it and how to use the other 
SMS client utilities. 

STEP 5 

Production 

After you have evaluated your pilot results 
and made any modifications to your 
process, you are ready to introduce users to 
the new operating system and train them. 
Limit deployment jobs to 25 clients at a 
time, rather than all 1000 or so at once. 
Stop at appropriate places to reassess your 
results and streamline your process. 

In his review of SMS 1.2 for Windows 
NT Magazine in July 1997, Tim Daniels 
wrote: “you need to realise that SMS is a 
precision tool: you must have the proper 
training and support to get the greatest 
benefit.” 

After a successful deployment using 
SMS, everyone in your organisation will 
agree. Your users, Help desk staff, and 
managers will appreciate your careful 
planning and the smooth operation of a 
very complex task. □ 
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a look at LDAP’s capabilities and shortcomings 


L12/XL- 

and the future of directory services 

by CRAIG ZACKER 


s an enterprise network expands from a file- 
and-print platform to a platform that includes 
email systems, databases, Web servers, and 
other applications and services, the need for a 
universal directory service becomes increasingly apparent. 
The big three in the networking industry - Novell, 
Netscape, and Microsoft - are trying to meet this need by 
developing the definitive directory service solution. 
Although their solutions are in different stages of develop¬ 
ment and use different methodologies, all three have com¬ 
mitted to using the Lightweight Directory Access Protocol 
(LDAP) in their directory service products. 

How Novell, Microsoft, and Netscape are using LDAP in 
their directory service products will be the focus of the sec¬ 
ond part of this two-part article. But before you look at how 
the big three are using LDAP, you first need to understand 
LDAPs function, ancestry, birth, and evolution. 


Why You Need LDAP 

In a typical business network, employees need access to dif¬ 
ferent services and applications, such as a network drive (such 
as a Windows NT domain), printers, an email system (such as 
Lotus Notes), and NetWare servers. So even in a basic net¬ 
work, employees need access to several protected services on 
several platforms. Therefore, businesses need a single directo¬ 
ry service that can provide authenticated access to all of these 
resources.This directory service needs to do much more than 
provide usernames and passwords. It needs to effectively store 
many different types of data (such as client contact informa¬ 
tion, application configuration data, and personal documents) 
in a central location. The directory service also needs to give 
employees the ability to access that database from any work¬ 


station on the network or from a remote location. 

The main obstacle to developing such a directory service 
is that many business network services and applications have 
proprietary user directories. Because the data in proprietary 
directories cannot be applied to other applications, network 
administrators must create separate accounts for the various 
services and applications. Creating separate accounts not only 
generates additional work, but also makes the task of chang¬ 
ing passwords a nightmare. 

To create a single user account that provides access to ser¬ 
vices, file servers, databases, and other applications, you need 
a communications link between the directory service and 
proprietary applications. LDAP provides this link. 

Meet LDAP's Ancestors 

Researchers at the University of Michigan, with support 
from the National Science Foundation, originally developed 
LDAP as a simplified means for clients to access X.500 direc¬ 
tory servers. X.500 is the International Telecommunications 
Union (ITU) standard that defines the basic structure and 
functionality of a directory service model. According to 
X.500, a directory service includes five elements. 

1. A directory service has a model that defines the basic 
structure in which information is stored. A directory service 
consists of entries, attributes, and values. 

Entries represent elements in the directory service. For 
example, if a directory service has 20 network users, 2 direc¬ 
tory shares, and a shared printer, the model would include 
one entry for each element, giving a total of 23 entries. 

Each entry contains attributes. Attributes represent the 
properties that the directory service needs to classify the 
entry. For example, the attributes for the entry of network 
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user might be the user surname and the 
user email address. 

Each attribute contains values.Values are 
the representation of attributes. For exam¬ 
ple, the value for the attribute of user email 
address might be jsmith@mycorp.com. 

2. A directory service has a tree-like 
hierarchy, called a directory information 
tree. The DIT stores the directory’s entries 
and uses namespaces to uniquely identify 
every entry’s exact place in the tree. At the 
top of the tree, you use geographical con¬ 
structs (i.e., two-letter country identifiers) 
to determine the hierarchy of entries. As 
you proceed downward, you use more 
arbitrary organisational constructs (e.g., de¬ 
partments) to determine the hierarchy of 
entries. An entry’s distinguished name 
(DN) traces the entry’s path in the tree, 
much like a pathname defines the location 
of a file in a file system tree. (To see an 
illustration of a DIT and a DN, see the 
sidebar “How to Name and Place Objects 
in the Directory Information Tree.”) 

3. A directory service has a collection of 
command functions that clients can use to 
manipulate directory entries. These com¬ 
mand functions include Read, List, Search, 
Add, Delete, Modify, and Bind (brings two 
elements together as a unit). 


4. A directory service has 
a system to authenticate 
users. The directory ser¬ 
vice must authenticate 
users before granting 
them access to the 
directory. You can use 
any of several different 
authentication meth¬ 
ods, including a simple 
password option and the 
Kerberos network 
authentication service. 

5. A directory service has 
a distribution model that 
lets clients (called direc¬ 
tory user agents) view 
the data stored on multi¬ 
ple servers (called direc¬ 
tory system agents) as a 
single entity. If a server 

a.duu receives a request for 

Server A 1 

data that is stored else¬ 
where, it passes the 
request to the appropriate server using one 
of two methods: chaining or referral. 

Chaining is the process by which an 
X.500 server, after receiving a client’s 
request that it cannot satisfy, sends an iden¬ 
tical request to another server. If the second 
server cannot satisfy the request, it passes 
the request to a third server. The servers 
continue this process until the request 
reaches a server that can respond to it. The 
response then follows the same route back 
to the original client, as shown in Figure 1. 

Alternatively, a server can respond to a 
request that it cannot satisfy by supplying 
the requester with a referral. The referral 
identifies the server that contains the 
requested data.The requester, which can be 
the original client or one of the interim 
servers, then sends a new request directly to 
the correct server, as shown in Figure 2. 

Novell, Netscape, and Microsoft created 
their directory service products based on 
these X.500 specifications. The big three 
are not the only companies taking advan¬ 
tage of these specs. Many other organisa¬ 
tions use them, but for a different purpose. 
For example, organisations use X.500 specs 
to build white-page directories. 

From the outset, white-page directories 
have had the potential to store many types 


of information other than phone number 
and email addresses. But this potentia 
remains largely untapped because of prob 
lems with providing client access to th( 
directory server. 

Congratulations, It's a Protocol 

X.500 states that the Directory Accesi 
Protocol (DAP) is the protocol to us( 
when connecting client systems to the 
directory server. But DAP requires tha 
clients use the Open Systems 
Interconnect (OSI) protocol stack as wel 
as significant amounts of memory anc 
other system resources. So the University 
of Michigan designed LDAP as a subset o 
DAP. LDAP eliminates much of DAP’s 
seldom-used functionality. In addition 
unlike DAP, LDAP runs over a standart 
client TCP/IP connection. 

The Internet Engineering Task Force 
(IETF) defines the current version o 
LDAP (LDAP 2) in Request foi 
Comments (RFC) 1777 and RFC 1778. 
LDAP 2, which contains more specifica¬ 
tions than most protocols, describes how a 
client and a server can exchange X.500- 
based messages. 

In the exchange process, the LDAP 
client uses a TCP connection to send 
requests to an LDAP server. As Figure 3 
shows, the server then uses OSI com¬ 
munications to perform the requested 
activities on the X.500 directory. The 
LDAP server can be a separate application 
that uses an LDAP gateway to 
communicate with an X.500 server, or it 
can be part of an X.500 server 
implementation. 

Here is how LDAP systems differ from 
X.500 systems. LDAP servers use the same 
directory service structure and namespaces 
as X.500 servers, but LDAP servers use 
fewer command functions to provide 
roughly the same level of functionality. For 
example, an X.500 server has Read and 
List commands, while an LDAP server uses 
the Search command to carry out these 
two functions. 

LDAP servers have fewer authentica¬ 
tion capabilities than X.500 servers. 
Whereas X.500 servers offer several 
authentication methods, LDAP servers 
have only two options: plain-text password 






and version 4 of the Kerberos network 
authentication service. 

Unlike an X.500 client, an LDAP client 
does not participate in the referral process. 
Instead the LDAP server processes referrals 
and regenerates requests. The only com¬ 
munications that an LDAP client can 
receive from a server are the responses to its 
requests and error messages explaining a 
server’s failure to fulfill a request. 

LDAP servers reduce the burden of the 
directory service client by simplifying the 
encoding process used to transmit the dis¬ 
tinguished names of directory entries. 
X.500 servers do not perform this service. 

LDAP's Evolution 

As more companies adopt LDAP, they are 
finding innovative ways to use it. Take, for 
example, Netscape and Microsoft. Because 
LDAP runs over a TCP/IP connection, 
access to X.500 data is no longer limited to 
OSI clients on intranets. Clients can use 
the Internet to access private X.500 direc¬ 
tories, a process that has come to be known 
as extranetting. Extranetting has led to the 
first widespread implementation of LDAP 
clients, which took the form of address 
books for the email applications in 
Netscape Communicator and Microsoft 
Internet Explorer (IE). 

Both Communicator and IE let users 
search for email and telephone addresses in 
private directories on a local network. In 
addition, as Screen 1 shows, users can 
search for email and telephone addresses in 
Internet white pages that use LDAP servers 
such as Fourll and Bigfoot. Commun¬ 
icator and IE serve as a model for future 
application development because these ser¬ 
vices use an LDAP-client module rather 
than a proprietary authentication directory. 

Netscape used LDAP in another in¬ 
novative application.To facilitate the use of 
LDAP over the Internet, RFC 1959 
defines a universal resource locator (URL) 
format that provides direct access to LDAP 
servers through a browser application.This 
format includes a new LDAP prefix to 
replace the HTTP commonly seen in 
URL notation. For example, a URL like 
Idap: //Idap. mycorp. com /o =Sales, c=US?Email 
Address?one would return the values con¬ 
tained in the email address attribute for all 
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How to Name and Place Objects in the Directory Information Tree 




In a Directory Information Tree (DIT), you classify directory service entries into object classes. Typical 
object classes include person objects, organisation objects, and country objects. 

When referring to the object class, you use the appropriate abbreviation. For example, CN (common 
name) represents a person object, 0 (organisation) represents an organisation object, and C (country) 
represents a country object The object's abbreviation precedes the object's name. So, for example, 
if the object is a person whose name is J. Smith, the notation is CN=JSmith. 
An object class dictates the required and optional attributes for that object. For example, the object 
class for the person object might require you to include values for the attributes of surname and 
common name, while it gives you the option of listing values for the attributes of telephone number 
and email address. 

The object class also defines entries' relationships with each other so that you know where they 
belong in the DIT. For example, as Figure A shows, country objects are in the first layer below the root 

Country objects always take this position because their object class requires that they be located 
immediately beneath the DIT's root Similarly, the DIT's second layer is typically organisation objects 
because the object class for organisation objects dictates that they be located directly beneath a 
country object or another organisation object 

An entry's distinguished name (DN) traces the entry's path in the DIT. You create the DN by listing 
the class and name of the desired object followed by the class and name of the object directly above 
the desired object and so on, all the way to the root. 

For example, the DN for J. Smith is CN=JSmith, 0=Sales, C=US. Using this form of notation, you 
can uniquely identify the user as J. Smith in the US sales office, which distinguishes him from any 
other users named J. Smith in other organisations or countries. 

If your colleagues understand that you are talking about objects located in the US sales 
organisation,you can refer to J. Smith as simply CN=JSmith. This shortened version is called a relative 
distinguished name (RDN). 

The directory service schema define the object classes used to create directory entries. The schema 
also define the attributes contained in those classes and the syntax for the values of those attributes. 
If a particular application or service requires a special type of object or an additional attribute for an 
existing object you can add new classes to the schema or modify existing classes. 
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of the objects in the US sales department 
of the given company. As of this writing, 
the Netscape Navigator in the Netscape 
Communicator 4.0 Preview Release 3 
is the only browser that supports 
LDAP URLs. 

The potential of LDAP goes beyond 
access to X.500 directories. Even with 
LDAP largely replacing DAP for client/ 
server communications, X.500 is a difficult 
directory to install and maintain, making it 
impractical for use as an intranet directory 
service, except in large organisations. So 
major software vendors are trying to use 
LDAP servers to communicate with other 
directory services or to function as a direc¬ 
tory in itself. 

Although Netscape was successful in 
using an LDAP server as a directory, ven¬ 
dors’ attempts to use LDAP to access other 
directory services have been mostly unsuc¬ 
cessful. This fact isn’t surprising, however, 
given that RFC 1777 states LDAP 2 is 
designed to provide access to the X.500 
directory. For this reason, work is proceed¬ 
ing on LDAP 3. The current draft specifi¬ 
cation describes LDAP 3 as being designed 
to provide access to directories supporting 
the X.500 model and not necessarily to the 
X.500 directory itself. 

This revision is a critical step in the 
evolution of the protocol. Many different 
parties, especially Microsoft, Novell, and 
Netscape, want to see LDAP developed 
in ways that best suit their needs. But for 
the good of the networking industry, 
partisan interests must not affect the 
future of the standard. 

One primary improvement planned in 
LDAP 3 is the protocol’s ability to modify 
a directory’s structure to accommodate the 
requirements of specific applications. This 
modification would involve altering the 
directory’s schema. The schema is a set of 
rules that governs the nature of a directory 
entry, its attributes, and the syntax of the 
attributes’ values. 

Modifying a directory’s schema is not 
terribly difficult. The problem arises when 
directories with different schema must 
communicate with each other. LDAP 2 
doesn’t address this problem because the 
LDAP server was expected to always be 
communicating with an X.500 directory. 



To solve incompatible 
schema problems, several dif¬ 
ferent groups are working to 
develop standard schema. The 
groups will face many chal¬ 
lenges. Not only do they have 
to develop a single standard, 
but they also have to rewrite 
existing applications using the 
new schema. 

The LDAP 3 draft specifi¬ 
cation calls for a different, 
more universal solution to 
incompatible schema: the use 
of specialised subschema 
entries. With subschema 
entries, people could publish 
the details of a directory’s 
schema and share those 
details with another directo¬ 
ry. An exchange of schema 
information would occur 
before two directories begin 
to communicate. 

The LDAP 3 draft specifi¬ 
cation proposes other major 
improvements, such as better 
support for user authentica¬ 
tion. Instead of offering the 
option of plain-text passwords 
(which isn’t an option if you 
want a secure network), the LDAP 3 draft 
promotes the use of the Secure Sockets 
Layer (SSL) standard, which is commonly 
used for Internet communications, and a 
new mechanism called the Simple 
Authentication and Security Layer (SASL). 
With SSL and SASL, people will have a 
real security alternative if they don’t want 
to implement a third-party authentication 
service, such as Kerberos. Other proposed 
LDAP improvements include support for 
international character sets, type-down ad¬ 
dressing (which lets search engines narrow 
their selection as each letter of a query is 
entered), LDAP server ability to return 
referrals to a client, and the delivery of 
search results in individual pages. 

Many improvements proposed in the 
LDAP 3 draft specification are pushing the 
protocol away from being properly labeled 
as lightweight. However, when you com¬ 
pare LDAP 3 to X.500, the label remains 
appropriate. In addition, as the LDAP 3 


■ Screen 1: 

Searching Internet white pages with Microsoft 
Internet Explorer 

draft specification approaches the point at 
which it enters the standards track of the 
IETF review and development process, 
some of these features will likely be 
removed to streamline the protocol. □ 
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Communicating with systems that 


don't understand WINS 


WINS Proxy Agents 


his month I have two agendas: to finish up 
Windows Internet Name Service (WINS) 
once and - I hope - for all, and to pass along 
a smile and some consternation about some 
upcoming Microsoft releases of Exchange, Windows NT, 
and Windows. Last month I discussed push and pull part¬ 
ners in WINS; you need this information if you’re going 
to build a large IP-based network of NT and 
Windows 95 systems. 

But how will your network’s systems that don’t under¬ 
stand WINS resolve NetBIOS names? With a WINS 
proxy agent (WPA). 

Suppose you have a domain named US on an intranet 
with two subnets (call them A and B).Your only domain 
controller is on B (the only WINS server), and you have 
a workstation on A that doesn’t know how to use WINS. 
Someone tries to log on to the domain from the work¬ 
station on A, so the workstation must find a domain con¬ 
troller. Therefore, the workstation broadcasts, “Does any¬ 
one out there have the name US<1C>?” (Recall that 
<1C> is the suffix that indicates that a machine is a 
domain controller and can act as a logon server.) Because 
the workstation is broadcasting and broadcasts don’t cross 
routers, the name resolution request will never reach 
across to subnet B. Therefore, the domain controller will 
never respond, and the domain logon will never happen. 

(While I’m on the subject, let me answer a common 
question. If you don’t use WINS or LMHOSTS, and if 
you select Use DNS for Windows Name Resolution, Domain 
Name System (DNS) will not be able to locate domain 
controllers. DNS can find machine names, but DNS can’t 


understand suffixes such as <1C>, so it can’t find domain 
controllers.The DNS with NT 5.0 can find special kinds 
of servers, however, because of RFC 2052 and a new 
resource record type.) 

Suppose, however, that a WINS-aware machine is on 
subnet A. Suppose, too, that the machine is a kind of good 
Samaritan. It hears the workstation’s plaintive cry and 
repeats the <1C> request, but instead makes the request 
to the WINS server on subnet B. The WINS server on B 
says to the good Samaritan, “I’m here at address X.”The 
good Samaritan then relays the response to the worksta¬ 
tion, and the workstation can now locate the domain 
controller even though the domain controller is on a dif¬ 
ferent subnet. The good Samaritan is a WPA. 

WPAs also help with name registrations. Suppose our 
workstation has been named WORKSTATION, but 
another machine has the same name. Usually, a non- 
WINS-aware machine tries to ensure that it has a unique 
name by broadcasting the name on startup, saying in 
effect, “I think my name is WORKSTATION, but if any¬ 
one already uses that name, better tell me now.” If anoth¬ 
er WORKSTATION on the same subnet has the same 
name, it will reply, “No, I’ve already got that name.” 

But if the other machine is on another subnet, how 
will it know that a name collision has occurred? Usually 
WINS will tell it, but that service is no help if the 
machine registering the name doesn’t use WINS. The 
WPA can help here, too. When a non-WINS-aware 
machine broadcasts a name registration, the WPA looks 
up that name with the WINS server. If WINS reports a 
conflict, the WPA acts on behalf of the WINS server and 
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responds saying, “No, you can’t use that 
name; I’m using it.” 

Oddly enough, WPAs help only with 
name resolution and name registration 
conflicts. If a machine named ORANGE 
on subnet A registers a name, the WPA on 
A ensures that the name ORANGE does¬ 
n’t conflict with any names that the WINS 
server on B knows. But the WPA doesn’t 
register the name with WINS; the WPA 
just check for conflicts. As a result, the non 
WINS-aware workstation named OR¬ 
ANGE on subnet A registers its name just 
fine at, let’s say, 8:00 a.m. Then if a work¬ 
station on B tries to register the name 
ORANGE, the WPA won’t challenge the 
name. Whether the ORANGE on B reg¬ 
isters its name via a broadcast or via WINS, 
the WPA won’t notice the conflict because 
the WPA checks for a name collision only 
when the ORANGE on A starts up. Even 
with WPA computers, running a network 
that combines WINS-aware and non- 
WINS-aware machines can be a bit tricky. 

Further, suppose the ORANGE on 
subnet B, the same subnet as the WINS 
server, is also not WINS-aware and regis¬ 
ters its name through a broadcast. Because 
the WINS server is on the same subnet, it 
hears the broadcast - but does it put that 
name registration in the WINS database? 
Again, oddly, no. 

To make a machine a WPA, you 
use a Registry entry, HKEY_LOCAL_ 
MACHINE\System\CurrentControlSet\ 
Services\NetBT\Parameters. You must 
add the parameter EnableProxy of 
type REGJDWORD and set it to 1. 
You want only one WPA per subnet 
because multiple WPAs on a subnet con¬ 
fuse matters significantly. 

Stinky Exchange 6 
and Driver Divorce 

I came across some amusing and disturbing 
rumours this month, one about the next 
version of Exchange and another about the 
next version of NT and Windows. 
Exchange is a neat email system, but it’s fair¬ 
ly limited.You don’t get much performance 
out of an Exchange machine beyond two 
processors and 256MB of BAM; add an 
extra processor, and essentially nothing 
interesting happens. Put more RAM than 


256MB on an Exchange server, and it gets 
slower. Add these limitations to a maximum 
message storage of 16GB for public stores 
and another 16 GB for private stores, and 
the result is that you’re hard pressed to put 
more than about 3900 users on one 
Exchange server. In any case, Microsoft 
intends the next version of Exchange to be 
the scaling version - the version that can 
take on bigger loads. That development is 
good news, and my hat’s off to Microsoft for 
continuing to improve Exchange. 

What I find particularly funny is that 
Microsoft’s internal code name for 
Exchange 6, the next version, is Osmium. 
As I recall, osmium is the name of a heavy 
metal like lead. Osmium is the heaviest 
substance known - denser than lead — and 
a reviewer less kind than I am might be 
tempted to draw comparisons between the 
metal and the software’s documentation 
and user interfaces. 

On a more serious note, a contact tells 
me that Microsoft is no longer planning to 
use Win32 Driver Model video drivers in 
NT 5.0.Very bad news! The Win32 Driver 
Model was, in my opinion, going to be 
probably the best feature ofWindows 98. 
As the story’s been told, the next genera¬ 
tion ofWindows and of NT were to have 
99 per cent common code for handling 
drivers. This common code would have 
meant a more stable Windows, because the 
plan supposedly was to put NT code into 
Windows rather than vice versa. 

That approach is great for Windows 
users. But NT users would get a big boost, 
too, because NT drivers and Windows dri¬ 
vers would be identical. Seems as though 
every neat gadget I see around, such as dig¬ 
ital cameras, video capture doodads, or 
even the infrared port on my Digital Ultra 
II laptop, will work only under Win95. 
(You know the Ultra II - it’s the laptop that 
Digital advertises as “designed for Windows 
NT 4.0”. That claim must refer to the lap¬ 
top rather than its interfaces.) As a writer, 
I’m often troubled by carpal tunnel dis¬ 
comfort, so I have purchased every voice- 
based text input software around - 
Kurzweil, IBM, and Dragon Systems - and 
only Dragon has software that runs under 
NT. Scrounging for drivers for oddball 
gadgets such as cameras and voice recogni¬ 


tion is bad enough, but the true frustratior 
comes from video drivers: you buy a nic< 
graphics card, and the best you can do foi 
drivers are betas that never seem to go final 

The consequence is, I’m sure, familial 
to many NT users. I keep a copy o 
Win95 on my laptop so that I can boot i 
once in a blue moon if I need to down¬ 
load images from my digital camera. A: 
for the video problems, well, you just live 
with the beta video drivers, despite theii 
lower stability, greater tendency to buggi¬ 
ness, and lower performance. Generally, 
you can’t even complain to the vendor 
about the weak drivers; the vendor will 
remind you that the drivers are beta any¬ 
way, so what do you expect? 

Merging the driver model means that 
any vendor who writes a Windows 98 
driver - and you can bet they all will - also 
will be writing an NT 5.0 driver. For rea¬ 
sons that my contact could not explain, 
Microsoft is backing off on that goal and 
won’t merge the video drivers for NT and 
Windows, at least not for Windows 98 and 
NT 5.0. (Microsoft confirmed this plan to 
me but claimed that the company had never 
promised to merge the drivers; interesting 
in an Orwellian, Animal Farm kind of a way, 
isn’t it?) I have to wonder whether a tech¬ 
nological barrier is preventing Microsoft 
from merging the drivers, or whether 
Microsoft is just holding out a few goodies 
so we’ll have a reason to buy the next ver¬ 
sion of the operating systems? Sometimes I 
think The X-Files’ Fox Mulder will get his 
sister Samantha back before we get a reli¬ 
able, unified set of desktop operating sys¬ 
tems. If anyone out there has some leverage, 
talk to the Microsoft folks, OK? □ 
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guard against annihilation 


Virus protection these days is a must. There are 
now thousands of computer viruses and more 
appear constantly. Viruses have the potential to 
down your systems, cause you loss in productivity 
and worst of all, destroy all the data on the system. 
Even before diagnosis, viruses can cause system 
crashes and difficulties with software packages. 

Every time your users swap disks, log onto the 
network, exchange email, or download files from 
the Internet, they are putting their data - and 
yours - at risk. 

Vet it first. That’s why you need the protection of 
Australasia’s leading anti-virus software-VET. It’s a 
small investment with the potential to save you lots. 

You’re in good company. VET is a world leader 
in the anti-virus field. An effective, proven virus 


destroyer, VET is relied on by major banks and 
financial institutions, industrial firms and 
government departments in over 30 countries 
including the UK, USA, Malaysia and New Zealand. 

VET gives you total protection. VET protects 
against macro viruses and conventional viruses 
whether you’re using Windows 95, Windows NT, 
Windows 3.x, DOS or Novell NetWare. 

VET NT Server and VET NT Workstation give top 
level protection for NT versions 3.51 and 4.x and 
the server product features a Scheduler for 
maximum usability - set it up once and it will do 
the work for you. 

Software that’s easy to use. VET is designed 
for people, not just machines - it is easy to install 
and is totally automatic. Your staff can use their 


PCs normally while enjoying full, effective 
protection. 

VET offers automatic network installation and 
logging capabilities so you have full control of 
virus protection throughout the organisation. 

Protection that never stops. New viruses are 
constantly appearing. We work to ensure that you 
always have current protection which is 
dependable, functional and user-friendly. Each 
quarterly upgrade will provide protection for around 
500 new viruses. And more frequent upgrades are 
available any time from our web site. 

Support on your doorstep. With VET, support is 
available when and where you need it. And we're 
based in Australia - so local support really means 
local support. Don’t risk annihilation. VET it first! 


i ET Anti-Virus Software Tel: 1300 364 750 

lead Office: 1601 Malvern Road Glen Iris Victoria 3146 

VWW http://www.vet.com.au Email info@vet.com.au 
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Inside NT's 

Object Manager 


wmmimniimnfmrmm 

Uncovering this important but 


little-known Executive subsystem 


he Object Manager is the Windows NT 
Executive subsystem that receives the least 
amount of attention or recognition. Ironically, 
the Object Manager provides a resource man¬ 
agement support infrastructure that all other NT 
Executive subsystems (including the Memory Manager, 
I/O Manager, and Process Manager) rely on. The Object 
Manager is a support subsystem that performs its work 
behind the scenes. As an NT systems administrator or a 
Win32 programmer, you probably will never interact 
directly with the Object Manager; however, almost 
everything you do, from opening files to starting a pro¬ 
gram to viewing the Registry, requires its assistance. 

In this tour of the Object Manager, I’ll first describe 
where the Object Manager fits into NT’s architecture, the 
role it plays in common operations, and the services it 
provides. Next, I’ll explain how NT’s subsystems define 
object types and what kind of information the Object 
Manager tracks. Finally, I’ll look at the Object Manager 
namespace, which is the doorway to file system name- 
spaces and the Registry namespace. 


Resource Management 

A major part of NT’s role is managing a computer’s phys¬ 
ical and logical resources, such as physical and virtual 
memory, disks, files, processes, threads, synchronisation 
primitives (semaphores, events, etc.), printers, and video 
displays. NT must provide a mechanism whereby pro¬ 
grams can look up resources, share them, protect them, 
read and modify their attributes, and interact with them. 
Thus, resource management encompasses tracking the 



state of resources, allowing only actions consistent with 
their state, and an API so that programs can manipulate 
them. 

Files are a visible example of a common resource. NT 
provides an API for creating and opening files; modifying 
their attributes (hidden, read-only, etc.); and on NTFS, 
ensuring that programs honour file security settings. 
Programs expect these capabilities, and NT implements 
its resource management (i.e., the way NT efficiently 
keeps track of a file’s state) hidden from applications. The 
operating system does the work of tracking the state and 
protecting resources. 

In NT, the typical way a program accesses a resource 
such as a file is to open or create the resource and then 
manipulate it. Usually, a resource is assigned a name when 
it’s created so that programs can share it. To look up or 
open an existing shared resource or a global resource 
(e.g., a file system, disk, or other physical device attached 
to the system), a program specifies the resource’s name. 
However, programs often create unnamed resources, 
which typically are logical resources (e.g., synchronisation 
primitives), that an application will privately use. 

Regardless of whether resources are physical resources 
(such as disk drives and keyboards) or logical resources 
(such as files and shared virtual memory), NT represents 
them as object data structures, which the Object Manager 
defines. Objects are shells that other NT Executive sub¬ 
systems can fill in so that they can build custom object 
types to represent the resources they manage.The Object 
Manager tracks information that is independent of the 
type of resource an object represents; the subsystem 
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-specific core of an object contains data 
relevant to a particular resource. 

The reason NT builds objects using the 
Object Managers infrastructure is simple: 
each subsystem does not need to reinvent 
the wheel to track the system-related state 
of an object, look up its resources, charge 
applications for the memory required to 
allocate an object, and protect resources 
with security. By concentrating these func¬ 
tions in the Object Manager, Microsoft can 
share code across subsystems, write and val¬ 
idate NT’s security code once, and apply 
the same naming conventions to all 
resources. 

Object Types 

The Object Manager’s duties involve cre¬ 
ating object types, creating and deleting 
objects, querying and setting an object’s 
attributes, and locating objects. As I men¬ 
tioned previously, Executive subsystems 
(including the Object Manager) create 
objects that represent the resources they 
manage. Before a subsystem (e.g., the I/O 
Manager) can tell the Object Manager to 
make an object (e.g., a file), the Object 
Manager must define the underlying object 
type that the subsystem will instantiate the 
object from. Object types, like classes in 
C++ parlance, store information common 
to all objects representing the same type of 
resource. This information includes statisti¬ 
cal information and pointers to the 
method procedures that the subsystems 
will invoke when they perform actions on 
an object of the corresponding type. Thus, 
when the Executive subsystems initialise, 
they call a function in the Object Manager 
to define their object types. 

For example, open files require 
resource management, and the I/O 
Manager subsystem builds file objects 
(with help from the Object Manager) to 
track open files. Inside the file object’s 
body, the I/O Manager keeps track of the 
file’s name, its logical volume, and whether 
the file is marked for deletion; the file 
object also provides storage for private data 
associated with the file system driver that 
the file belongs to. 

Other examples of subsystem object 
types include process objects, which repre¬ 
sent active processes; section objects, which 
represent memory-mapped files or shared 


Table 1; 

Object Types and Defining Subsystems 


Object Type 

Represents 

Defining Subsystem 

Object type 

Object type object 

Object Manager 

Directory 

Object namespace 

Object Manager 

SymbolicLink 

Object namespace 

Object Manager 

Event 

Synchronisation primitive 

Executive 

EventPair 

Synchronisation primitive 

Executive 

Mutant 

Synchronisation primitive 

Executive 

Semaphore 

Synchronisation primitive 

Executive 

Windows Station 

Login session 

Win32 

Desktop 

Windows desktop 

Win32 

Timer 

Timer notifications 

Executive 

File 

Tracks open files 

I/O Manager 

loCompletion 

Tracks I/O completion notifications 

I/O Manager 

Adapter 

DMA resource 

I/O Manager 

Controller 

DMA controller 

I/O Manager 

Device 

Logical or physical device 

I/O Manager 

Driver 

Device driver 

I/O Manager 

Key 

Doorway to the Registry 

Configuration Manager 

Port 

Communications channel 

LPC Facility 

Section 

Memory mapping 

Memory Manager 

Process 

Active process 

Process Manager 

Thread 

Active thread 

Process Manager 

Token 

Process security profile 

Process Manager 

Profile 

Performance monitoring 

Kernel 


memory; and device objects, which repre¬ 
sent physical or logical devices. Table 1 
summarises the 23 object types NT 4.0 
defines. 

As with objects, NT implements object 
types as data structures. Figure 1 shows 
typical information an object type data 
structure stores. The object type’s statistical 
data is useful for system monitoring. This 
data includes information such as the name 
of the object type, how many objects of 
that type currently exist, the maximum 
number of objects that have existed at any 
time, and the default amount of memory 
that NT charges a process each time the 
subsystem creates an object of that type. 

Object type procedures or methods are 
what really differentiate object types. When 
a subsystem creates an object type, the sub¬ 
system passes to the Object Manager a data 
structure that contains pointers to all the 
object type procedures. The Object 
Manager calls these procedures when the 
subsystem requires actions performed on 
an object. For example, if a subsystem wants 
to close an object, the Object Manager first 


calls the Okay-To-Close Procedure (if the 
subsystem has specified one). If that proce¬ 
dure returns a FALSE value, an error 
returns to the closer to signal that the 
object cannot be closed. If the procedure 
returns a TRUE value, the Object Manager 
then calls the Close Procedure so that the 



■ Figure 1; Object Type Data Structure 
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subsystem responsible for the object can 
clean up the object’s state. Each object type 
procedure receives a predefined list of 
parameters that includes information perti¬ 
nent to the requested operation. The call¬ 
out mechanism the Object Manager uses 
for object types lets subsystems see and con¬ 
trol the actions taken on the objects (and 
therefore, the resources) that they manage. 

I’ll describe the purpose of most of the 
object type procedures throughout the rest 
of the article, but I’ll comment on two 
unrelated procedures that appear in Figure 
1 now. The Dump Procedure is not defined 
for any object type, nor does NT ever ref¬ 
erence it. Microsoft developers probably 
relied on dump procedures in the early days 
of NT, but they removed the code after 
they had the basic object building blocks in 
place and working. The Security Procedure 
lets subsystems implement object security 
schemes that differ from NT’s default secu¬ 
rity policies. NT falls back on its default 
security policies if a subsystem does not 
define a Security Procedure. 

Objects 

When a subsystem directs the Object 
Manager to create an object, the subsystem 
passes the Object Manager a pointer to an 
object type, which serves as the connection 
to the object type’s global data and proce¬ 
dures. Other parameters include an option¬ 
al name and security information to be 
applied to the new object, the size of the 
subsystem-specific body of the object, and 
pool charges that can override the default 
charges in the object type. 


To the subsystem creating the new 
object, the Object Manager returns a 
pointer to the body of the new object. In 
this body area, subsystems can store data 
that tracks the state of the resource the 
object represents. Preceding this body 
(effectively private to the Object Manager) 
is an object header, which Figure 2 illus- 
trates.The object header stores the name of 
the object, the parameters passed to the 
creation function, the object’s security 
attributes, and a pointer to the object type. 

Two fields in the object header, 
Handle Count and Reference Count, track 
different kinds of references to the object. 
Handle Count refers to the number of 
times applications have opened the object. 
When a program opens or creates a 
resource, NT’s APIs return a special value, 
or handle, that the program can use to refer 
to the open resource. APIs that manipulate 
a resource’s state use the resource’s handle 
in lieu of its name; thus, handles provide a 
convenient way to refer to open resources. 

Although handles are opaque values to 
applications, handles reference entries in a 
process’ handle table (also shown in Figure 
2). A handle table is a dynamically managed 
array (i.e., no hard upper ceiling exists for 
how large the array can become) that the 
Object Manager indexes via handles to 
locate the objects the handles refer to. 
Handles are process specific, so two 
processes can have different handle values 
for the same open resource. 

When a program closes an object, the 
Object Manager calls the object type’s 
Close Procedure and passes it the object’s 


handle count. One example of a subsystem 
that monitors object handle counts is the 
I/O Manager, which notifies file systems 
when it closes all handles for a file object so 
that the file system can perform necessary 
cleanup operations. At that time, a file sys¬ 
tem will delete a file marked for deletion, 
because no application is using it. 

The second field tracked in object 
headers, Reference Count, is the total 
number of references to an object. 
Operating system components can refer¬ 
ence or create objects without going 
through the NT API, and consequently, do 
not require handles. Reference Count 
records the number of handles for an object 
plus the number of active references that 
operating system components make to the 
object.The Object Manager uses this count 
to determine when the system no longer 
needs an object. When Reference Count 
drops to zero, nothing in the system is using 
the object, so the system can remove the 
object’s state and storage. The Object 
Manager will call an object type’s Delete 
Procedure (which eliminates the object, 
not the resource the object represents) with 
the object as a parameter. 

Locating Objects 

Up to this point, I’ve avoided the details 
about how applications open an object by 
specifying the object’s name. Every NT 
object that has a name fives within the 
Object Manager namespace. This name- 
space, which is very much like the familiar 
file system namespace, consists of directo¬ 
ries that contain subdirectories or objects. 
In fact, you enter the file system namespace 
(with names like C:\temp\file.txt) and the 
Registry namespace (with names like 
RegistryXMachine) via the Object 
Manager namespace. First, let’s look at the 
Object Manager namespace, and then we’ll 
look at how NT embeds alternative name- 
spaces within it. 

If you study Table 1, you’ll see the 
Object Manager’s Directory and Symbolic- 
Link object types. NT uses these object 
types to define the Object Manager name- 
space.The optional name given to an object 
when it’s created locates the object within 
the namespace. When NT is initialising, var¬ 
ious subsystems create directories in the 
Object Manager namespace. The I/O 

















































■ Figure 3: 

Namespaces Connected 
Through the Object Manager 
Namespace 


■ Screen 1: 

Viewing the Object Manager 
Namespace with the 
alternative WinObj tool 



Manager creates a \device subdirectory that 
it will use to store named device objects, 
and the Object Manager creates a subdirec¬ 
tory called \??. The \?? subdirectory holds 
objects accessible via the Win32 API.Thus, 
any Object Manager resource referenced 
from Win32 must have a corresponding 
named object in this subdirectory. 

For example, serial ports named 
COM1, COM2, and so forth in Win32 
have objects with those names in the \?? 
subdirectory. You’ll also find C: and other 
drive letters in this directory. The objects 
with those names are symbolic link objects, 
which point (with alternative names) at 
objects elsewhere in the namespace. Drive 
letters point to the \device subdirectory at 
device objects that have names associated 
with the hard disk partitions they reside on. 
For example, C: might point at 
\device\harddiskO\partitionl. 

An object type’s Parse Procedure is 
what lets NT connect alternative name- 
spaces to the Object Manager namespace. 
When the Object Manager performs a 
name lookup and encounters an object, the 
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Object Manager checks to see whether the 
object’s type has a Parse Procedure, and calls 
it.The subsystem managing the object type 
can then take the remaining portion of the 
name and perform a lookup within the 
subsystem’s namespace. 

The same sequence of events happens 
when you open C:\temp\file.txt from a 
Win32 program. First, Win32 translates the 
name to \??\C:\temp\file.txt. Next, NT 
calls the Object Manager’s name-parsing 
routine, which locates the C: symbolic link 
object in the \?? directory. The Object 
Manager then looks up \device\hard- 
diskOXpartitionl, which the symbolic link 
points to, and finds a device object. The 
Object Manager passes the rest of the 
name, \temp\file.txt, to the I/O Manager’s 
device object type Parse Procedure, which 
locates the file system responsible for C: 
and hands it the name. 

You enter the Registry namespace 
similarly via the \Registry key object type 
Parse Procedure. Figure 3 presents a simpli¬ 
fied depiction of these three namespaces 
and how they are connected. (In Figure 3, 


HKLM stands for HKEY_LOCAL_ 
MACHINE, and HKCU stands for 
HKEY_CURRENT_USER.) 

Most Win32 programmers and sys¬ 
tems administrators don’t know about the 
Object Manager namespace because they 
don’t need to know about it to open files 
and Registry keys. However, you can use 
native NT system services to obtain infor¬ 
mation about what’s in the namespace. 
With the Win32 software development kit 
(SDK), Microsoft provides the WinObj 
tool, which will display the namespace as if 
you were browsing with Explorer. 
Unfortunately, the WinObj tool has several 
significant bugs that cause it to display 
incorrect information (e.g., inaccurate han¬ 
dle and reference counts). 

Another version of the WinObj tool, 
which you can get at http://www.nt 
internals.com/winobj.htm, doesn’t suffer 
from the same problems as Microsoft’s 
WinObj tool, and it displays additional 
information about certain object types. 
Screen 1 shows the view of the Object 
Manager’s \?? directory that this alterna¬ 
tive WinObj tool displays. One subdirec¬ 
tory worth noting is the ObjectTypes sub¬ 
directory, which contains all the defined 
object types. 

A Little Knowledge 
Goes a Long Way 

Although you can get along just fine man¬ 
aging or programming NT without know¬ 
ing about the Object Manager, some famil¬ 
iarity with it is useful. Even if you don’t run 
into problems, knowledge of NT object 
management can give you a better under¬ 
standing of NT’s architecture and the 
Win32 API. □ 



Mark Russinovich holds a Ph.D. in computer 
engineering from Carnegie Mellon University, 
USA and is an NT internals consultant with 
Open Systems Resources in New Hampshire 
USA. You can reach him at mark@osr.com or 
at httpMwww.ntinternals.com. 
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® I took an NT Server that was acting as 
a Primary Domain Controller (PDC) 
offline, and the Backup Domain Controller 
(BDC) became the PDC. When I brought 
the original PDC back up, both domain 
controllers acted as the PDC. How can Ifix 
this problem? 

A:You need to demote the original PDC to 
the BDC.To demote the original PDC, fol¬ 
low these steps: 

1. Go to Control Panel, Services; select 
Net Logon; and click Stop. Alternatively, go 
to the original BDC and stop the 
NetLogon service at the DOS prompt, 
with the command 

net stop netlogon 

2. Click Start, Programs, Administrative 


AT A GLANCE PAGE 

Demoting a PDC to a BDC.154 

Accessing NT's FTP Service with 

a Netscape Browser.154 

Fixing a Stop Error that Occurs 

with Network Monitor.155 

Fixing Service Pack Invalidation.155 

Modifying Hardware to be NT 

Compatible.155 

Making NT Recognise a Sound 

Blaster Card .155 

Uninstalling SP3.155 


Tools, and select Server Manager. Choose 
the machine name of the original PDC and 
then select Demote To Backup Domain 
Controller from the Computer drop-down 
menu. Completing this step will change the 
original PDC to a BDC. 

3. Go to Control Panel, Services; select 
Net Logon; and click Start. Alternatively, 
you can restart the NetLogon service on 
the original BDC at the DOS prompt, with 
the command 

net start netlogon 

4. Resynchronise the domain from 
Server Manager. 

(You can promote the original PDC to 
PDC using Step 2.You need to demote the 
current PDC to a BDC immediately after 
this step.) 

If this process does not work (possibly 
because of security ID — SID — corruption), 
you can perform the following steps. 
However, try this resolution as a last resort; 
Microsoft does not support it. Using the 
Registry editor incorrectly can cause seri¬ 
ous systemwide problems, and you may 
need to reinstall NT to correct them. 

1. Physically go to the domain controller 
that you do not want to be the PDC, and 
log on as Administrator. 

2. To start the Registry editor, click 
Start, Run; enter regedt32 in the Open 
box; and click OK. 

3. Select HKEY_LOCAL_MACH- 


INEXSECURITY. By default, the 
Administrator has Special Access rights on 
the SECURITY key. You need to change 
these rights to Full Control. To make this 
change, implement the following steps: 

a. Select Security, Permissions from the 
menu bar. 

b. Select the Administrator’s name. 

c. In the Type of Access drop-down box, 
choose Full Control and select the Replace 
Permission on Existing Subkeys check box. 
This configuration gives the Administrator 
full control over the SECURITY key and 
all subkeys. 

d. Return the SECURITY key permis¬ 
sions to Special Access at the end of this 
process. Select the Administrator’s name, 
and under Special Access, Other, select 
WRITE DAC and READ CONTROL. 
Return to this step after changing the 
Registry value in Step 5. 

4. Select HKEY_LOCAL_MACHINE 
\SECURITY\Policy\PolSrvRo. This key 
has the field <No Name>: REGJNONE. 
Double-click this field to edit its values. 

5. Change the value from 03000000 to 
02000000, and exit the Registry. Changing 
this value sets the machine as a BDC 
instead of a PDC. 

6. Reboot the server. 

7. Resynchronise the domain, from 
Server Manager. 

I have found that the Windows NT 
Server FTP service does not function 
correctly when I access it with Netscape 















browser software. The error typically occurs 
when the home directory is a subdirectory 
rather than the root directory of a drive. I 
frequently get the error message “Can’t find 
the file <filename> in the root directory.” 
What causes this error? 

A: This error probably occurs because you 
have the NT FTP service configured to 
output DOS-style directories, and 
Netscape uses UNIX conventions when it 
navigates. This configuration explains why 
the error typically does not occur when 
your home directory is the root of a drive 
and you are accessing a file. 

To fix this problem, you need to 
configure the service to output UNIX- 
style directories. Run regedt32 (the NT 
Registry editor) to add or modify the 
MsdosDirOutput Registry value at 
HKEY_LOCAL_MACHINE on <FTP 
SERVERUNCNAME or Local Machine 
>\SYSTEM\CurrentControlSet\Services 
\ftpsvc\Parameters. 

To add the value, follow these steps: 

1. Select Edit, and then Add Value. 

2. In the Value Name box, enter the 
name exactly as follows: MsdosDirOutput. 

3. In the Data Type drop-down box, set 
the data type to REG_DWORD. 

4. Click OK. 

5. When prompted for the string, enter 0 
for UNIX listings. 

6. Click OK. 

7. From Control Panel, Services, stop 
and restart your FTP Server service (you 
don’t need to reboot). 

If you’re running Internet Information 
Server (IIS), you don’t need to modify the 
Registry. To make this change, start IIS, 
click the FTP server properties, go to the 
Directories tab, and select UNIX under 
Directory Listing Style. 

® My server hangs approximately once 
every two months and displays the 
fatal message, “NT Blue Screen Error ... 
STOP 0x0000007F (0x00000000, 

0x00000000, 0x00000000, 0x00000000) 
Unexpected_Kernel_Mode_Trap. ” What 
causes this problem? 

A: An incorrect version of BHNT. 


SYS causes this problem when you use the 
Network Monitor on a Windows NT 
Server 3.51 system with SMS 1.1. If NT is 
installed on a FAT partition and the 
Network Monitor is not started automati¬ 
cally, you can reapply the latest service pack 
to the system. Alternatively, you can per¬ 
form the following steps: 

1. Go to the <winnt-root>\system32 
directory, and find the file BHNT.SYS. 
Rename this file BHNT.OLD. 

2. Go to the latest service pack, uncom¬ 
press the BHNT.SYS file, and place the file 
in the system32 directory. 

3. Reboot the system. 

® Replacing or upgrading applications 
within the NT operating environment 
sometimes invalidates an NT service pack. 
What causes this problem, and how can I fix 
it? 


A: During the replacement or installation 
of a software component (such as SQL 
Server or Systems Management Server— 
SMS), the files needed for the upgrade 
come from the application source, which 
may predate the service pack. During the 
application installation, some of the files 
the service pack installed may be overwrit¬ 
ten with older versions from the 
application source. Reapplying the service 
pack after an upgrade or software product 
installation will correct this condition. 


® I’m trying to install Windows NT 
Workstation 4.0 on an ISA PC, but 
NT doesn’t see my hard disk. What can I do? 


A: If the system you’re installing NT on 
does not support Logical Block Addressing 
(LBA), make sure the partition where you 
want to install NT is less than 540MB.You 
may also be able to get an updated BIOS 
from your PC manufacturer to include 
LBA. 

If your system supports LBA, make sure 
that Auto Detect is not enabled. Get the 
hard disk specifications for cylinders, heads, 
and sectors - this information is usually on 
the label of the hard disk. In your hardware 
setup, configure your computer to use a 
custom-defined hard disk with the cylin¬ 
ders, heads, and sectors to match your disk. 


® My Sound Blaster 16 sound card works 
fine with Windows 95, but it doesn’t 
work with Windows NT 4.0. What can I 
do? 

A: Win95 detects Plug and Play (PnP) 
devices, but NT 4.0 does not. Therefore, 
you must manually install the Sound 
Blaster card driver to use it. 

Go to http: //creative-ok. creaf. com/ 
wwwnew/ tech/ftp/ftp-sbl 6awe.html#nt 
and select the Creative Labs Sound Blaster 

1.x, Pro, 16 driver from the list. Accept the 
default settings. To add the driver in NT, 
click Start, Settings, Control Panel, 
Multimedia. On the Devices tab, click 
Add. When you’re prompted, shut down 
and restart the system. 

© After updating to Windows NT 4.0 
Service Pack 3 (SP3), I started getting 
intermittent blue screens of death. I tried to 
uninstall SP3, but even after reinstalling 
NT I still have the service pack files on my 
system. How can I remove them without 
reformatting the disk? 

A: If you selected the uninstall option 
when you applied the service pack, you 
can run Update.exe from the service pack 
and select Uninstall a previously installed 
Service Pack. If you cleared the uninstall 
option when you installed the service 
pack, the files you need for the uninstall 
aren’t available to you. To remove the 
unwanted service pack, execute the fol¬ 
lowing steps: 

1. On the same system, install NT 4.0 in 
a new directory. 

2. Apply SP3, and select the Uninstall 
option.This step will create a hidden direc¬ 
tory under your NT root directory, 
<WINNT_ROOT>\$NtServicePack 
Uninstall$. 

3. Copy the <WINNT_ROOT>\$Nt 
Service PackUninstallS directory from the 
second install to the original <WINNT_ 
ROOT>. Boot the original install of NT, 
run Update.exe from SP3, and select 
Uninstall a previously installed Service Pack. 
This step will use the SNtService 
PackUninstallS files to replace the current 
files. It will also remove all indications that 
you are running NT 4.0 SP3. 
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Q: I distribute SQL Server databases to my 
customers, and I don’t want them to see the 
stored procedure code because it’s propri¬ 
etary to my business. How can I keep them 
from seeing the procedures? 

A: Before SQL Server 6.5, many people 
hid stored procedure code by simply delet¬ 
ing the contents of the text field from the 
syscomments table, where SQL Server 
stores SQL definition statements for view, 
rules, defaults, triggers, CHECK and 
DEFAULT constraints - and stored proce¬ 
dure code. This tactic is less feasible now, 
however, because SQL Server 6.5 requires 
data in the text column. Now, the WITH 
ENCRYPTION option is probably the 
best way to protect your procedures with¬ 
out deleting data from syscomments; you 
can also use WITH ENCRYPTION to 
keep your views and triggers secret. Use 
this syntax: 

CREATE PROCEDURE TestProc 
WITH ENCRYPTION 
As 

Print "this is just a test" 

Go 

SQL Server populates syscomments 
but encrypts the text so no one — not 
even you or the systems administrator — 
can read it. This option protects your 


secret information, and you’ll have no 
problems upgrading to future versions. 
But if you use WITH ENCRYPTION, 
remember that it really hides your infor¬ 
mation.You can’t read the procedure after 
you create it, so make sure you have earli¬ 
er versions of the code (or at least text 
files) outside of SQL Server. 

Q: I received an error message that SQL 
Server had marked my database suspect. 
What can I do? 

A: Use emergency mode (also called 
bypass mode) to recover data when SQL 
Server marks a database suspect. 
Occasionally something (hardware glitch¬ 
es, software glitches, gamma rays, or what¬ 
ever) causes SQL Server’s ordinarily robust 
automatic recovery to fail. Of course, 
recovery failure is never a problem because 
everyone always has an accurate, up-to- 
date backup handy. Uh - huh. Right. But 
what if (hypothetically) you don’t have a 
good backup? 

Most of your data is probably still 
there on disk, but you can’t get to it 
because SQL Server says the database is 
suspect. Setting the database status to 
emergency mode tells SQL Server to skip 
automatic recovery and lets you access the 
data. To get your data, use this script: 


Sp_configure "allow updates", 1 
Reconfigure with override 
GO 

Update sysdatabases set status = -32768 
where name = “BadDbName” 

Sp_configure “allow updates", 0 
Reconfigure with override 
GO 

You might be able to use bulk copy 
program (bcp), simple SELECT com¬ 
mands, or DUMP TRANSACTION 
WITH NO_LOG to extract your data 
while the database is in emergency mode, 
but you won’t be able to issue data modi¬ 
fication commands. Get your data out as 
fast as you can before anything else can go 
wrong. Count your blessings if it’s all there, 
because we can’t guarantee that this tech¬ 
nique will work in all cases. Call Microsoft 
if you’re still stuck. The $230 service call is 
worth the money if Product Support can 
help you recover critical data. (See the 
Microsoft Knowledge Base article 
Q165918 — http://www.microsoft.com/ 
kb/articles/ql65/9/18.htm - for more 
information on this topic.) 

Why might SQL Server mark your 
database suspect? For starters, try querying 
on suspect in SQL Server Books 
Online (BOL) in the MS SQL Server 6.5 
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Group in the Programs Start Menu.You’U 
be surprised how many hits you get. 
Granted, some of them are for the verb 
suspect, but you’ll have dozens of hits on 
suspect as an adjective. For example, you’ll 
find stored procedures such as 
sp_resetstatus and sp_mark suspect that 
turn a database’s suspect flag off and on, 
respectively. Marking a database suspect is 
often the easiest way to drop it (if you 
can’t drop it using SQL Enterprise 
Manager’s Manage Databases or Server 
Manager windows) because you can drop 
suspect databases. Use the command 

DBCC DBREPAIR(database_name, 
dropdb) 

(Remember, though, that you can 
never drop master, model, or tempdb data¬ 
bases, or a database that’s open or partici¬ 
pating in replication.) 

Also recognise that DBCC DBREPAIR 
is a command of last resort. Always try 
DROP DATABASE or sp_db remove first. 
DBCC DBREPAIR is for backward com¬ 
patibility only. 

Q: I’m using the Microsoft Access upsizing 
wizard to move a large database to SQL 
Server, and the process is taking forever. 
What can I do to speed things up? 

A: Three versions of Access databases 
(Access 2.0, Access 95, and Access 97 - 
each with different file formats) let you 
deal with the three versions of Microsoft’s 
upsizing wizard. You can download the 
Access 97 and Access 95 versions from 
http: / / www.microsoft. 
com/AccessDev/ProdInfo/AUT97dat. 
htm. But for Access 2.0 files, you’ll need to 
migrate from Access 2.0 to Access 95 first, 
purchase the Access 2.0 Developer Kit, or 
consider commercial options such as 
Aditi’s UpDown (http://www.aditi.com). 

In general, each version is faster and 
more powerful than the previous version, 
but automation has its limits. You can’t, for 
example, use the upsizing wizards to create 
SQL Server databases that span more than 
one device; that is, you must have the data 
and log files on the same device. 


All the upsizing wizards can, however, 
create a SQL Server schema and populate 
your tables with data from the Access 
database. Although that capability makes 
the migration as hands-off as possible, 
upsizing large datasets is tedious because 
the wizards use INSERT statements to 
populate the SQL Server database one 
row at a time. You have a table with 
500,000 rows? Any idea how long Access 
will take to issue 500,000 INSERTs 
across the wire? 

SQL Server’s bcp provides a much 
faster load, especially when you imple¬ 
ment bcp in fast (no logging) mode. A 
good compromise is to let the wizard cre¬ 
ate the database schema for you, move the 
log file to a second device, and then use 
bcp to manually load the data. By the way, 
each upsizing wizard has bugs and anom¬ 
alies, so be sure to check the Knowledge 
Base before using any of them. 

Note that nothing forces you to use the 
upsizing wizards. You can always use SQL 
Enterprise Manager — or your favourite 
third-party database administrator utility - 
to create the new database. Then you can 
export the Access data as ASCII files and 
use bcp to get them into SQL Server. For 
a comprehensive discussion of options, 
download Microsoft’s new 80-page paper 
“Upsizing Microsoft Access Applications 
to Microsoft SQL Server” from 
http://www.microsoft.com/sql/reskit.htm 

Q: SQL Enterprise Manager (SEM) 
doesn’t let me scroll when I’m looking at 
long messages in the error log. Can I do 
anything? 

A: Looking at the error log with SEM is 
handy, but you can get very frustrated 
when you can’t scroll to the end of a long 
message. Until Microsoft decides to spend 
five minutes of developer time to add a 
scroll bar to the user interface, you can use 
xp_readerrorlog, an undocumented 
extended stored procedure that returns the 
error log as a query result. Another 
approach is to double-click on the error 
message from SEM to pop up a dialogue 
box that shows the entire message. 


Q: My table has a primary key (PK) on a 
column defined with the identity property, 
but I’ve started getting error messages say¬ 
ing I’m trying to insert duplicate keys. 
What gives? 

A: You might have duplicate keys with¬ 
out knowing it. In theory, SQL Server 
always picks a unique number when it 
assigns identity values, but it can lose 
track and try to assign a value that’s 
already in use. This duplication can hap¬ 
pen, for example, if you shut down the 
server improperly or if you truncate the 
table. To troubleshoot the situation, first 
make sure to use the PK or UNIQUE 
constraints to forbid duplicate entries, 
and then use DBCC CHECKIDENT if 
your values ever get out of synch and 
cause inserts to fail with duplicate key 
errors. The command 

DBCC CHECKIDENT (table_name) 

compares the current identity value 
with the maximum value in the identity 
column. If the current identity value is 
invalid, SQL Server will reset it using the 
maximum value in the identity column. 

Worthwhile Links 

Database administrators will be interested 
in Bill Wunder’s site (http://www. 
nyx.net/~bwunder/sql/list.html), where 
they’ll find several scripts and stored proce¬ 
dures - and a dozen or so links. 
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® What will happen to ISDN devices, 
which are expensive and can be hard 
to configure, now that 56Kbps modems are 
available? 


A: Compared with other connection 
methods, ISDN has several important ad¬ 
vantages that will ensure its place in the 
industry for a while. ISDN provides rapid 
(several seconds) logon times and guaran¬ 
teed bandwidth (you get either 64Kbps or 
128Kbps connections). You can purchase 
an ISDN router that lets you easily pro¬ 
vide a network-wide connection and con¬ 
ceal your company’s internal IP systems. 
ISDN devices will continue to compete 
with modems because you can now turn 
most ISDN devices on and off and use 
them on demand (i.e., in a dial-up mode, 
like you can with a conventional modem). 
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I plan to purchase a router, but I have 
some concerns about Network Address 
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Translation (NAT). Can you explain 
NAT? 

A: NAT helps you simplify and conserve 
IP addresses because it minimises the 
number of leased IP addresses you need. 
NAT enables private internal networks 
that use unregistered IP addresses to con¬ 
nect to the Internet. Specifically, NAT 
operates on a router, usually connecting 
two networks, and translates private 
(unregistered) IP addresses in the internal 
network into legal (registered) IP 
addresses before sending packets to 
another network (such as the Web). As 
part of this functionality, you can config¬ 
ure NAT to advertise only one IP address 
for the entire network to the outside 
world. This approach increases security 
because that one IP address effectively 
hides your entire internal network from 
other networks. 

Companies typically implement NAT 
in remote access environments because 
you can easily control which IP address¬ 
es are used. A NAT router answers 
Address Resolution Protocol (ARP) 
requests for IP addresses inside a compa¬ 
ny’s dynamic pool and even functions 
with Domain Name System (DNS) 
servers on the Internet. NAT can save 
you considerable hassle in assigning and 
maintaining IP addresses. 

How can I change the number of days 
that Windows NT displays a warning 
message reminding users to change their 
password before it expires? 

A: Before NT 4.0, you couldn’t change 


the number of days that NT displayed a 
warning message before the user’s pass¬ 
word expired. This value was always set to 
14 days. 

In NT 4.0, you can use the Registry 
editor to add a Registry entry that adjusts 
this value (this value does not appear in 
the Registry unless you add it). Warning: 
using the Registry editor incorrectly can 
cause serious, systemwide problems. You 
may have to uninstall NT to correct them. 
Use this tool at your own risk. 

Go to the HKEY_LOCAL_MACH- 
INE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon key. Add 
the value PasswordExpiryWarning of data 
type REG_DWORD. The range for this 
value is in number of days, and the default 
value is 14. 

I want to disable Windows NT’s 
browser services from reporting certain 
servers on my network. However, I still 
want to be able to find these servers using 
the universal naming convention (UNC) 
format. Can I do this? 

A: Yes, NT will let you hide servers that 
you can still browse using UNC. Open 
your favourite Registry editor and go to 
the HKEY_LOCAL_MACHINE\ 
SYSTEM\CurrentControlSet\Services\ 
LanmanServerXParameters key. Add a new 
value, hidden, of data type REG_ 
DWORD. Set the value to 1 (hidden) to 
hide the computer. (For more information 
on disabling the browser on your net¬ 
work, see George Spalding, “Too Many 
Servers Spoil Network Performance,” 
September 1997.) 
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I hitting people on the web 


In just 30 minutes you can create your Web Site. 
From then on you can modify your pages, layout, 
images, and text as often as you like - free of 
charge. 



How will people find you on the Web? Hotspace 
helps you market your Web Site through search 
engines, directories and existing marketing. 



With training and support accessible 7 days a 
week 24 hours a day. The uDOit point and click 
editor is very easy to use. 
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■ Screen 1: 

Keeping NT from 
displaying the last 
known user in the 
Username box 



® I am trying to increase security on my 
network. How do I disable the last 
user that Windows NT lists during the 
logon process? 

A: By default, in the Username space of 
the Logon Information dialogue box, NT 
displays the name of the last person to log 
on. To make the Username space blank 
when this dialogue box appears, you have 
to change the NT Registry - remember, 
always have a backup of your Registry 
before you edit it. 

Use your Registry editor to go to the 
HKEY_LOCAL_MACHINE\SOFT- 
WARE\Microsoft\Windows NTSCur- 
rentVersion\Winlogon key. Add the value 
DontDisplayLastUserName of data type 
REG_SZ, and set it to 1, as you see in 
Screen 1. The Username space will be 
blank when the Logon Information dia¬ 
logue box appears. 


® I recently migrated from Windows 95 
to Windows NT 4.0. Although I am 
happy with the upgrade, I want NT 4.0 to 
automatically power down the way Win95 
does. How can I make this happen? 


A: To automatically shut down your sys¬ 
tem when you exit NT 4.0, you need to 


open the NT Registry and edit the 
HKEY_LOCAL_MACHINE\SOFT- 
WARE\Microsoft\Windows NT\Cur- 
rentVersion\Winlogon key. Double-click 
the PowerdownAfterShutdown entry and 
set the value to 1, as you see in Screen 2. 
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How do I remove unused shares when 
Windows NT boots? 


A: NT maintains a list of mapped shares in 
the Registry. To update or change this list, 
go to the HKEY_CURRENT_USER/ 
Software/Microsoft/Windows NT/Cur- 
rentVersion/Network/PersistentConnect- 
ions key. Highlight and delete any unwant¬ 
ed entries. Double-click the Order entry 
to remove the drive letters for the shares 
you deleted. 

© After switching from Novell NetWare 
3.12 to Windows NT, I have noticed 
that Novell is faster with network transfers 
than is Windows NT. How do I configure 
NT to achieve better network transfer rates? 


A: To improve the rate of network transfers 
in NT, you have to increase the number of 
buffers that the redirector reserves for net¬ 
work performance. In some cases, the 
greater number of buffers can increase your 
network throughput. Each extra execution 


■ Screen 2: 

Editing the NT Registry 
to make the software 
automatically power 
down 



thread that you configure will take 1KB o 
additional nonpaged pool memory, bu 
only if your applications use the memory 
To configure buffers, you have to modify 
the Registry. Warning: Using the Registry 
editor incorrectly can cause serious, sys 
temwide problems. You may have to unin 
stall NT to correct them. Use this tool a 
your own risk. 

Use your favourite Registry edit too 
to go to the HKEY_LOCAL_ MACH- 
INE\SYSTEM\CurrentControlSet\Serv 
ces\LanmanWorkstation\Parameters key 
Modify or add the value MaxCmds of typt 
REG_DWORD (the range is 0 to 255, anc 
the default is 15). Add the valus 
MaxThreads of type REG_DWORD, anc 
set it to the same value as MaxCmds. Yoi 
can also increase the value o 
MaxCollectionCount. This value (type 
REG_DWORD) is the buffer for charac¬ 
ter-mode named pipes writes. This value 
defaults to 16, and ranges from 0 to 65535. 
Screen 1, shows these Registry settings. Foi 
more performance information, see Carlos 
Bernal, “NT vs. NetWare: File Services 
Grand Prix,” page 46. 

® Every time I look at Windows 
NT’s Event Viewer, I see a lot of 
entries for browsers and elections. Is 
this normal? What can I do to prevent 
such messages? 

A: Browser elections are normal oc¬ 
currences in an NT network. The elections 
guarantee that only one master browser is 
present in the NT domain or workgroup. 
The election process also helps pass net¬ 
work information to systems as they log on 
to the network. NT elects master browsers 
according to the following priority: 

• NT Server installed as a Primary 
Domain Controller (PDC) 

• NT Server 
• NT Workstation 
• Other 

NT automatically elects the PDC to be 
the Domain Master Browser even if the 
value IsDomainMaster is set to Yes in the 
Registry on another NT server within the 
domain. 

If you are running workgroup servers 
(no domain controller) and want to force a 
server to be the preferred master browser, 
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open the Registry and go to the 
HKEY_LOCAL_MACHINE\SYSTEM\ 
CurrentControlSet\Services\Browser\ 
Parameters key. Set the value 
IsDomainMaster to Yes. To prevent an NT 
workstation or server (non-PDC) from 
acting as a browser, open the Registry and 
go to the HKEY_LOCAL_MACHINE\ 
SYSTEM\CurrentControlSet\Services\ 
BrowserXParameters key. Set the 
MaintainServerList value to No. 

Many times, Windows for Workgroups 
(WFW) or Windows 95 clients can cause 
serious browser contention. These systems 
are notorious for trying to be the Master 


Browser. To prevent a WFW system from 
acting as a browser, create and set the fol¬ 
lowing statement in the [Network] section 
of System.ini of the WFW client: 

MaintainServerList=No (other valid 
entries are Yes and Auto) 

Win95 machines can participate in a 
browser election only if you configure 
them for file or print sharing. To set or 
check the browser settings, open the 
Network applet in the Control Panel on 
the Win95 system. Scroll the Network 
Configuration for File and printer sharing for 


Microsoft Networks. Highlight this entry, and 
click the Properties button. Select Browse 
Master, and choose from Disabled, 
Enabled, or Automatic. (For more informa¬ 
tion on how to increase your network’s 
performance, see George Spalding, “Too 
Many Servers Spoil Network 
Performance,” September 1997.) □ 

Send us your tips and questions. You 
can also visit Bob Chronister's online 
Tricks & Traps at http://www.winntmag. 
com/forums/index, html. 
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The Scan list of bad-taste freebies 


Everyone seems to believe journalists get loads of 
cool, expensive freebies, even though this couldn't 
be further from the truth. So, in this month of 
Christmas cheer and New Year good-will, we 
thought we'd act like scrooges and write a list of the 
seven worst freebies we've ever received: 

1) A cold gourmet pizza with curry topping. Mmm, 
finger lickin' good. 

2) A nerdy hat with a propeller on top. Was this 
meant to be a hint? 

3) T-shirts which are extra large. We've received 


' Catch 


From the flaw or feature department, a tipster reports the 
following Catch-22 in Windows NT: if you check the User 
Must Logon Before Changing Password box in User 
Account Policy, users must contact the administrator to 
reset their password when it expires. If you check the 
User Must Change Password at Next Logon box in User 
Properties, the first time that users log on after their 
password expires, they must change the password. If 
you check both boxes, the User Must Logon Before 
Changing Password command overrides the User 
Must Change Password at Next Logon 
command. 

Because of the overridden com¬ 
mand, users who receive the User 
Must Change Password at Next 
Logon message will never be able 
to log on because their password 
has expired (error 
COOOOBE). Thus, any 
company that wants to 
implement both secu¬ 
rity features 
unable to do so. 





Killer on the loose 

I've verified this hot rumour: Lexmark 
1030 printers can burn out mother¬ 
boards and cause NT not to detect the 
mouse or keyboard. You don't often see 
hardware killing other hardware . . . 

Hi-Ho, Hi-Ho it’<i o ff to the CIA we gq 

This may be just another conspiracy theory by some paranoid IT 
insiders from the US but we have uncovered a 
hostage situation within the Central Intelligence 
Agency. The seven dwarfs are currently held 
in the bowels of the CIA, according to Paul 
Rushton, Australasian marketing manager for 
StorageTek. The seven StorageTek silos have 
been lovingly named after the Walt Disney 
characters. I can only guess which promi¬ 
nent, US citizens’ files are located in the 
Grumpy silo. 


at least ten of these, and they are all extra 
large-yet none of us here even make it to six 
feet. Yeah, thanks guys. 

4) A single pool ball with the number 8 on it. 
Hey, we can nick these ourselves from the bar 
across the road. 

5) A broken glass beaker in a box filled with 
chocolate-coated coffee beans. Fun if you have 
a nurse nearby. 

6) A plastic slinky. Let's face it, if you give out 
slinkies they should at least be the metal ones 
that make it down steps-ours has to be 
forcibly thrown down. 

7) Yellow plastic raincoats with the price-tag 
still on them-stating that they cost $2. And 
we thought we were tight. 


Still, putting all this aside, we wish 
everyone a Merry Christmas 
and a Happy New Year - 
even the companies 
who sent us the 
















StorageTek Where the world’s information goes. 


Your data-storage 

costs are soaring. * 

Your backup window 

is shrinking. 

Your Staff can’t keep up. * 
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They don’t make coffee or tell jokes. But StorageTek’s automated cartridge systems 
will improve the quality of life around the office from Day One. Using high-performance 
robotics, our systems back up, retrieve, load and manage all your data. And save you 
a small fortune, too. They work in a wide range of distributed computing environments | 
and deliver mainframe storage performance, without the mainframe price. | 
For more information, just call 02 9438 4844, ext. 606. Or visit our Web site. 


www.storagetek.com/robo 









Backup is boring, 

until you need to restore data 




The only 
diskette based 
recovery 
option that 
eliminates the 
need to first 
reload the 
operating 
system. 





IKUP EXEC 
ASSISTANT 
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Microsoft relies 01 


Seagate Backup Exec 
Assistant streamlines 
enterprise-wide operations 
with integrated Wizards 
for effortless backup and 
restore management. 


• ''f’“ Seagate Software 

Pacific call 1800 671 796 . 


<& Seagate software 


Distributed by ACA Pacific Pty. Ltd. 
MEL 47 Edward St Brunswick 
SYD L4, 20 Alfred St Milsons Point 

www.acapacific.com.au 


TEAM WITH THE NAMES THAT GAVE YOU BACKUP EXEC, SEAGATE SOFTWARE & ACA PACIFI 





























